Bitcoin Forum

Bitcoin => Development & Technical Discussion => Topic started by: Macadonian on June 23, 2019, 09:08:46 PM



Title: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Macadonian on June 23, 2019, 09:08:46 PM
After having many questions about quantum computing and posting my thoughts here: https://bitcointalk.org/index.php?topic=5087640.msg48810154#msg48810154

I have decided to go into more depth about the situation regarding quantum computers and their viability to disrupt the Bitcoin network in its current state and future state. Just to preface things, I'm not an expert and will only be demonstrating knowledge that I believe to be correct; hopefully from this thread I'll also learn a few things, and I am more than welcome to corrections.

"Quantum computers will be the end of Bitcoin"
Quite the bold statement, you say? As well as being bold, it is also completely false and far from the truth. Anyone claiming that quantum computers will be the end of Bitcoin either simply misunderstands how algorithms work or is completely void of any intelligence and just likes to scaremonger. I will be honest with you: it's likely the latter.

First off, I'd like to just kick this off with a bang and say Bitcoin currently is not at risk of anything. Quantum computers have not yet reached a level where they would be a threat to the technology that Bitcoin uses. Notice how I'm using "technology" that Bitcoin uses and not just "Bitcoin" itself? Well, that's because Bitcoin uses the ECDSA algorithm, and it is this which will be under threat if quantum computers reach the level that has been predicted. However, Bitcoin itself will be unaffected.

How do quantum computers threaten the ECDSA algorithm?
Basically, a quantum computer is extremely efficient at solving certain mathematical problems like factoring integers. However, as previously stated in my last post, this doesn't mean they are efficient in all areas and pose a threat from all angles. Unfortunately for us, quantum computers will break several current algorithms used in daily life, including the ECDSA that Bitcoin uses. However, there are definitely ways of avoiding this even if Bitcoin didn't implement a quantum resistant algorithm, such as using an address only once to avoid your public key being exposed to the public more than once and thus increasing the likelihood of a quantum computer cracking the algorithm. What might surprise you is that doing this increases the security of your Bitcoin even without the threat of quantum computers and is actually the recommended practice when sending or receiving Bitcoin.

Quantum computers use Shor's algorithm, which is an algorithm that runs on quantum computers for integer factorization. The way it does it is by solving any given integer by finding its prime factors. The fascinating thing about Shor's algorithm is the fact that the algorithm runs in polynomial time, but I'll spare you the details as that's irrelevant to the topic at hand.

But let's get rid of all that gibberish and keep this simple. Basically, if a quantum computer ever reached a certain number of qubits (qubits are a measurement of the power of quantum computers, basically by how much quantum information the computer holds), then it would be able to operate efficiently without the common limitations of other computers and current quantum computers. That then means the public key that Bitcoin currently uses could very well be compromised.

How many qubits would a quantum computer need to attack?
I'm not sure on this, but my estimate would be that at anything over 500 we should be looking at alternatives and seriously thinking about moving to a quantum resistant algorithm before any issues arise. Many people have estimated that 1500 qubits would be an efficient and realistic amount to crack the ECDSA. Currently I believe the highest qubit quantum computer is around 10 qubits. I've been notified that a company is selling quantum computers called D-Waves with 2000 qubits, but it's worth noting that these aren't designed the same as quantum computers that would be able to efficiently attack the algorithm Bitcoin uses, and thus I'm going to ignore them for now. Also it's worth noting that it's been disputed by many that this company actually holds quantum computers with 2000 qubits.

So finally why are quantum computers nonviable to attack Bitcoin?
So this is one of the least discussed topics when discussing quantum computers and is commonly ignored. However I'm going to go into depth on why quantum computers are not a realistic problem to Bitcoin at least not for a very long time.

First of all, there are several algorithms which other cryptocurrencies use that are actually quantum resistant. The simplest way to combat quantum computing breaking the current algorithm would be to change to a quantum resistant one. You might ask why we haven't already changed, then? Well, it's unnecessary and would likely require a fork, which has previously caused instability and differing opinions. Currently quantum computers pose no threat, and by the time they do we will be well prepared and will likely be able to make changes. Basically, the idea will be to judge quantum computers when we are at that stage, because we will know exactly how they work and how efficient they are, whereas now we would be guessing and estimating, which could mean we would need to change to a different algorithm in the future and introduce a new fork to the chain, which isn't very efficient, and we need to be efficient if we are to combat quantum computers! After all, quantum computers only have 5-10 qubits at the moment, and that would take thousands of years to break the ECDSA.

Secondly, quantum computers will be extremely expensive to buy and run. The amount of technology and maintenance that quantum computers need to operate is quite frankly absurd. It's probably true that over time we will get better at improving their shortcomings and make them more accessible. However, I don't think that quantum computers will ever be a personal computer thing, and more a government operated thing. We could potentially see huge companies in possession of them if they believe them to be beneficial; however, ones that are capable of breaking the ECDSA algorithm aren't going to be very efficient and cost effective for most people because of their limitations in other areas.

Despite the initial cost of buying a quantum computer, there's also the cost of maintenance. Current quantum computers are known to have heating issues because of the amount of work they're doing, and the only effective cooling solution is to keep the room below 0 degrees. I'm not sure if you have tried to keep a room's temperature below 0 before, but that's extremely hard and expensive to do, especially when something like a quantum computer is continuously generating heat when it's operating. Thus I believe my point on being accessible to only a select few to be even more valid. It's not just the cost but the logistics of having a room dedicated to the computer and being cooled 24/7 for it to operate.
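The opening post's practical advice is that a public key is only revealed when an address spends, so an address that keeps receiving coins after it has spent is the one a future Shor-capable attacker could target. The following Python is an added example, not code from the thread or from Bitcoin Core: it replays a constructed transaction log (sample keys and amounts are made up), records which keys have been revealed by a spend, and lists addresses that still hold funds with their key already public. The address derivation is a labelled simplification (truncated SHA-256 instead of Bitcoin's RIPEMD-160(SHA-256) plus Base58Check); the same history is run once with change sent back to the spending address and once with change sent to a fresh address, which is the practice the post recommends.

```python
import hashlib
from collections import defaultdict

def address_of(pubkey_hex: str) -> str:
    """Derive a toy address from a public key.

    Simplification (assumption): a truncated SHA-256 hex digest stands in for
    Bitcoin's real RIPEMD-160(SHA-256(pubkey)) + Base58Check. The property
    that matters here is the same: the address reveals only a hash, and the
    public key itself becomes visible only when the address spends.
    """
    return hashlib.sha256(bytes.fromhex(pubkey_hex)).hexdigest()[:40]

# Constructed sample "public keys" (33-byte hex strings, not real curve points).
ALICE, ALICE_FRESH = "02" + "11" * 32, "03" + "44" * 32
BOB, CAROL = "03" + "22" * 32, "02" + "33" * 32

def make_history(change_key: str):
    """Constructed transaction log in block order. Each input names the
    output it spends and the public key revealed in its scriptSig; each
    output is (address, amount in satoshis)."""
    return [
        {"txid": "tx1", "inputs": [],
         "outputs": [(address_of(ALICE), 50_000), (address_of(BOB), 20_000)]},
        {"txid": "tx2", "inputs": [{"prev": ("tx1", 0), "pubkey": ALICE}],
         "outputs": [(address_of(CAROL), 30_000), (address_of(change_key), 19_000)]},
        {"txid": "tx3", "inputs": [{"prev": ("tx1", 1), "pubkey": BOB}],
         "outputs": [(address_of(CAROL), 20_000)]},
    ]

REUSED = make_history(ALICE)        # change sent back to the spending address
FRESH = make_history(ALICE_FRESH)   # change sent to a never-used address

def audit(txs):
    """Replay the log and return {address: (unspent balance, key_exposed)}
    for every address that still holds funds."""
    utxo = {}        # (txid, vout) -> (address, amount)
    exposed = set()  # addresses whose public key has appeared on-chain
    for tx in txs:
        for inp in tx["inputs"]:
            spent_addr, _ = utxo.pop(inp["prev"])
            # A valid spend must present the key that hashes to the address.
            if address_of(inp["pubkey"]) != spent_addr:
                raise ValueError(f"{tx['txid']}: pubkey does not match spent output")
            exposed.add(spent_addr)
        for vout, (addr, amount) in enumerate(tx["outputs"]):
            utxo[(tx["txid"], vout)] = (addr, amount)
    balances = defaultdict(int)
    for addr, amount in utxo.values():
        balances[addr] += amount
    return {addr: (bal, addr in exposed) for addr, bal in balances.items()}

def exposed_with_funds(txs):
    """Addresses whose key is already public AND which still hold coins.
    A wallet that never reuses addresses keeps this list empty."""
    return sorted(addr for addr, (bal, exp) in audit(txs).items() if exp and bal > 0)

if __name__ == "__main__":
    print("reused-address history:", exposed_with_funds(REUSED))
    print("fresh-address history :", exposed_with_funds(FRESH))
```

In the reused history Alice's address spends in tx2 (revealing her key) and then receives the change, so it shows up as exposed with 19,000 sat still sitting on it; Bob's key is also revealed, but his address is empty afterwards, so nothing is at stake there. In the fresh history the same funds end up on a never-spent address and the list is empty.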



Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Macadonian on June 25, 2019, 08:26:14 AM
Decided to move this to serious discussion considering the lack of activity, but have now decided to move it back to Bitcoin development and technical discussion as I'm interested in hearing others' opinions on quantum computers currently and what they will be like in the future, especially some of the links which have been posted in this thread.

I'll be keeping a set of useful quotes here with external links which I find interesting and would love to see some others expand on the existing discussion and hopefully offer some new information and insights.

Useful links posted on this topic:


First — probably you will be interested in reading about Neven's law (https://www.quantamagazine.org/does-nevens-law-describe-quantum-computings-rise-20190618/). It is not a "law" of course but an interesting thing to keep in mind.
Second — the most powerful quantum chip for today is 128-qubit chip produced by Rigetti (https://medium.com/rigetti/the-rigetti-128-qubit-chip-and-what-it-means-for-quantum-df757d1b71ea).
Third — how many qubits you need to crack a blockchain. It depends on the type of encryption, but the point is, it is 2300+ (https://en.wikipedia.org/wiki/Elliptic-curve_cryptography#Quantum_computing_attacks)
Fourth — Intel thinks we'll get 1000 qubits by 2024 (https://spectrum.ieee.org/nanoclast/computing/hardware/intels-new-path-to-quantum-computing) and ECDSA will be at risk by 2027 (https://arxiv.org/pdf/1710.10377.pdf).
Fifth — implement post-quantum encryption in existing blockchains? This is a close to impossible task.
Sixth — That's what NIST says about PQC in their project (probably all of you are aware of it, but https://csrc.nist.gov/Projects/Post-Quantum-Cryptography):


We've mentioned a few times how quickly this field is advancing... yesterday a team at the University of New South Wales announced they have achieved a 200x speed improvement on a 2 qubit gate! (https://www.sciencealert.com/quantum-scientists-have-built-the-first-silicon-two-qubit-gate-between-atom-qubits)

https://i.imgur.com/5JhQze4.png (https://www.youtube.com/watch?v=BcsdCMix1ns)


As I've mentioned before, I think that whilst a lot of work has gone into building quantum-resistant systems using classical computers, one of the best avenues of investigation is defence using quantum computers. There has been plenty of research into various methods of Quantum Key Distribution (https://en.wikipedia.org/wiki/Quantum_key_distribution), and this research continues with approaches such as Kak’s three-stage protocol (https://en.wikipedia.org/wiki/Three-stage_quantum_cryptography_protocol). Perhaps this will be quantum-attack-proof, or perhaps not. But the key here is that defence is actually moving faster than attack.
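The opening post describes Shor's algorithm as factoring an integer in polynomial time, and the links collected above estimate how many qubits that would take against ECDSA. What Shor's algorithm actually contributes is one step, period finding; everything else is ordinary classical arithmetic. The Python below is an added example (not from the thread or any quantum toolkit) that runs the whole reduction with the period found by brute force, which is exponential in the bit length and is exactly the loop a quantum computer replaces. It factors the small constructed moduli 15, 21 and 91; breaking ECDSA uses the discrete-logarithm variant of the same period-finding idea rather than the factoring variant shown here.

```python
from math import gcd

def find_order(a: int, n: int) -> int:
    """Smallest r > 0 with a**r ≡ 1 (mod n), found by brute-force stepping.

    This is the period-finding step. Classically it costs up to r steps,
    and r can be nearly n, i.e. exponential in the bit length of n; Shor's
    algorithm replaces exactly this loop with a quantum Fourier transform
    that finds r in polynomial time. Requires gcd(a, n) == 1.
    """
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r

def factor_from_order(a: int, r: int, n: int):
    """Classical post-processing. If r is even and a**(r/2) is not -1 mod n,
    then (a**(r/2) - 1)(a**(r/2) + 1) ≡ 0 (mod n) splits n via a gcd."""
    if r % 2 == 1:
        return None                 # odd period: pick another base
    y = pow(a, r // 2, n)
    if y == n - 1:
        return None                 # trivial square root of 1: retry
    f = gcd(y - 1, n)
    return f if 1 < f < n else None

def shor_classical(n: int, candidates=None):
    """Factor n with the order-finding reduction. Returns a nontrivial
    factor, or None when n is prime (every base then fails, because the
    only square roots of 1 modulo a prime are +1 and -1)."""
    if n % 2 == 0:
        return 2
    for a in (candidates if candidates is not None else range(2, n)):
        g = gcd(a, n)
        if g != 1:
            return g                # the guess already shares a factor
        f = factor_from_order(a, find_order(a, n), n)
        if f is not None:
            return f
    return None

if __name__ == "__main__":
    for n in (15, 21, 91, 13):
        print(n, "->", shor_classical(n))
```

With base 7 and modulus 15 the period is 4, 7^2 mod 15 = 4, and gcd(3, 15) = 3. The cost that matters for the qubit estimates in the links above is not this post-processing but the size of the period-finding circuit, which grows with the bit length of the key.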


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: AverageGlabella on June 25, 2019, 08:56:42 AM
I liked your first response and this one is okay too, although there are a few issues. But first, I particularly like the angle you're coming from when talking about "Bitcoin encryption": the fact of the matter is Bitcoin doesn't have a set in stone encryption method and could move to any quantum resistant algorithm at any given time. This of course will probably cause mass instability, like many have talked about, and this is why Bitcoin is a great investment point. At the moment we have a growing technology which is far from perfect and will have several limiting factors in the future; however, the great thing about Bitcoin is it can evolve with new emerging technology and therefore become stronger with it.

I'd like to touch upon something that you avoided with the D-wave quantum computers. I think mentioning D-waves and not expanding on it could lead people to believe that they are a threat, and I would like to explain why D-wave computers operate differently to quantum computers that are capable of challenging the ECDSA. D-wave quantum computers use a process called annealing to search for solutions. Basically, imagine quantum computers being a master of one thing and not a jack of all trades. D-waves are particularly good at finding solutions using quantum annealing, while quantum computers that are capable of eventually breaking ECDSA are very efficient at factoring. Regarding the time span in which I think we will hit a 2000+ qubit computer, I think it will only be a matter of a few years and will likely be before 2025. Quantum computers have been made more efficient at a rapid pace in the last few years. In 2017 we saw Intel release a quantum computer with 17 qubits, and then in 2018 we saw Google release a statement that they have a 72 qubit computer. Judging by these stats alone and the increasing enthusiasm behind developing the ultimate quantum computer, I think 2025 is a realistic timeframe. However, this doesn't mean that it's cause for alarm right now, but I will say that we should already be looking at solutions and be ready before that deadline is reached. Don't worry, behind the scenes many people are already working tirelessly and we will hopefully come to a unified conclusion; however, my prediction would be that there will be several splits in the community over which algorithm is used.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: arcmetal on June 25, 2019, 09:50:51 AM
Some may not like what I have to say about quantum computing, but so what. You, Macadonian, may like what I have to say, since after reading my explanation below the simplest conclusion is that bitcoin has nothing to worry about as regards quantum computing.

And so, here is my brief rant on quantum computing.

After having studied quantum mechanics for a long time, I have found that all of those quirks, or what they like to call "quantum weirdness", aren't weirdness at all, but rather it's the limitations of our devices that produce the illusion of weirdness. All of the technology that has been used in the experiments to study quantum effects suffers from the problem that they are large, gross machines compared to the tiny things we are trying to observe. That is, our machines are crude, and they are taken to the limits of their properties to try and take measurements of stuff that is much smaller than the equipment at hand. It is our crude observations which end up with what appears to be quantum weirdness.

In more recent experiments it gets continuously shown that things at that level actually behave in a "classical" sense, but appear to produce a more complex emergent behavior.  It is this complex emergent behavior which then gets labeled quantum weirdness.

And so, when it comes to building computing machines that will take advantage of this quantum weirdness, the actual devices will simply be employing a complex emergent classical property. That is, the quantum computers will just be very advanced, very fast classical computer versions of what we have today. (Can you see how I can find this topic of quantum computing to be rather silly?)

If you are worried that a quantum computer can cause a collision with a bitcoin private key (like finding a key with someone's bitcoin), sure, it could be possible. But I do like reading about what an incredible machine it would take to do this. Here is a great thread on this topic:
https://bitcointalk.org/index.php?topic=5147514.msg51224295#msg51224295

Essentially they describe how if someone were to build a big enough computer to crack bitcoin in 2 minutes, say, maybe with a large "quantum computer", the bitcoin code can be upgraded to then make it near impossible again for that new machine to crack it. The code can always stay ahead of the hardware.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: AverageGlabella on June 25, 2019, 10:52:21 AM
If you are worried that a quantum computer can cause a collision with a bitcoin private key (like finding a key with someone's bitcoin), sure, it could be possible. But I do like reading about what an incredible machine it would take to do this. Here is a great thread on this topic:
https://bitcointalk.org/index.php?topic=5147514.msg51224295#msg51224295

Essentially they describe how if someone were to build a big enough computer to crack bitcoin in 2 minutes, say, maybe with a large "quantum computer", the bitcoin code can be upgraded to then make it near impossible again for that new machine to crack it. The code can always stay ahead of the hardware.
Just like personal computers used to be the size of a room, do you think that quantum computers in the next 20 years will be able to shrink to almost the size of a personal computer? Whenever discussion comes up with quantum computers, Bremermann's limit always seems to be the counter argument to those defending Bitcoin's race against quantum computers. The thread you linked seems to have mentioned it fairly early on, but that thread puts into perspective just how big the computer would have to be. The only argument is that we get better at producing and manufacturing quantum computers and downsize them.

I have the opinion that quantum computers will only bring positive change to Bitcoin and increase its security by changing to a different algorithm capable of outlasting quantum computers' evolution. It's not like quantum computers will be increasing their power at an exponential growth such that we won't be able to deploy quantum resistant algorithms.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Macadonian on June 25, 2019, 11:10:29 AM
@averageglabella

Would you be able to elaborate on these issues that you have?

As for implying that quantum computers are not a direct attack against Bitcoin but rather against the algorithm it uses for encryption, I think that's certainly true, and the easy way of combating quantum computers would be to just change to a quantum resistant algorithm. I don't know too much about the quantum resistant algorithms out there today and which would be the better option for the Bitcoin community, but I'd be interested in hearing some pros and cons from anyone who has knowledge in that field.

Essentially they describe how if someone were to build a big enough computer to crack bitcoin in 2 minutes, say, maybe with a large "quantum computer", the bitcoin code can be upgraded to then make it near impossible again for that new machine to crack it. The code can always stay ahead of the hardware.
Nice to hear from someone who has also studied quantum mechanics; I agree with your analysis and input. Although, with your last statement about the code always being able to stay ahead of the machine, is that necessarily true? As far as I know there aren't too many algorithms that would be suitable for use with Bitcoin because of some of the limitations, and not too many have been developed in recent years; however, we are seeing technology from a quantum computing aspect continue to develop at a rather impressive rate. My counter argument would be that a lot of time, money and energy is being put into quantum computers right now because it's both exciting and useful; however, because currently there's nothing capable of breaking the majority of encryption algorithms out there, we aren't necessarily looking to improve upon that yet because the current ones are good enough. Do you think the closer we get to quantum computers becoming a threat to encryption, the more work will be put into developing suitable algorithms?


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on June 25, 2019, 12:17:55 PM
the easy way of combating quantum computers would be to just change to a quantum resistant algorithm.

Nice to hear from someone who has also studied quantum mechanics.

I did study quantum mechanics, but it is going back a few years and this is a fast-moving field.

With my admittedly limited expertise, I would agree with the point quoted above. Simplistically, outcomes in quantum mechanics occur when the quantum wave function collapses, and the act of interfering with ("measuring") a quantum system triggers this collapse. So whilst a true quantum computer would find cracking any classical encryption to be quite straightforward, using its immense power to simply brute-force its way through, a quantum encryption system is another matter entirely. Quantum encryption methods are theoretically tamper-proof and theoretically 100% secure, as any attempt to break the encryption collapses the wave function and destroys the ability to read the data. (You know the Schrödinger's Cat thought experiment? The cat is neither alive nor dead until the check is made - it exists in a superposed combination of states, and it is the act of checking that collapses the probability function into a definite alive or dead outcome.)

I say "theoretically" tamper-proof and "theoretically" 100% secure because as I say it's a fast-moving field and who knows what advances tomorrow may bring? But certainly quantum cryptography as currently understood should provide a very robust security mechanism.



Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Macadonian on June 25, 2019, 06:49:03 PM
(You know the Schrödinger's Cat thought experiment? The cat is neither alive nor dead until the check is made - it exists in a superposed combination of states, and it is the act of checking that collapses the probability function into a definite alive or dead outcome.)

I say "theoretically" tamper-proof and "theoretically" 100% secure because as I say it's a fast-moving field and who knows what advances tomorrow may bring? But certainly quantum cryptography as currently understood should provide a very robust security mechanism.


I'm very familiar with the Schrödinger's cat thought experiment and I've seen it mentioned several times here on this forum. I think the conclusion of this discussion is that right now, in its current state, quantum computers are a few years off from becoming a threat to traditional algorithms, and even then Bitcoin already has options readily available to combat the issue when it does become a realistic threat.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: AverageGlabella on June 25, 2019, 06:53:01 PM
@averageglabella

Would you be able to elaborate on these issues that you have?
My main issue was not expanding on D-wave generation quantum computers enough for those that aren't familiar with them. A 2000 qubit quantum computer is a scary thought when first hearing that we are supposedly already capable of manufacturing them en masse. However, I wanted to be clear that although it may well be true, they don't work in the same way as the quantum computer which would become a threat to Bitcoin's algorithm and are not very efficient at factoring.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Macadonian on June 25, 2019, 07:53:54 PM
I did not want to go down the route of explaining why D-wave quantum computers are ineffective when it comes to the ECDSA because it's a controversial topic which always seems to lead to deviating from the original discussion, but the D-wave quantum computer has a totally different approach to normal quantum computers. D-wave uses quantum annealing, whereas the quantum computers which could affect Bitcoin in the future use quantum circuits. The fundamental difference is that they approach two different solutions differently. They aren't even related to Bitcoin, but a lot of people like to throw out D-wave and how 2000 qubits is possible currently and basically scaremonger that Bitcoin could be cracked at a moment's notice, which is just downright false. Actually I think most experiments and test runs on the D-wave have led us to believe that it's no more efficient than quantum computers with fewer qubits and is considered a gimmick within the quantum mechanics field.

As far as I'm concerned D-waves shouldn't have to be discussed when relating to Bitcoin because they are irrelevant.

I would like to expand on housing these D-wave quantum computers now that we are on the subject. Last I checked, they had to be cooled down to -273° C using a cryogenic cooling system which uses liquid nitrogen to sort the hydrogen isotopes. In short, this means housing these things, let alone getting them to run, would be extremely expensive, as this sort of cooling system needs to be controlled and done safely.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: arcmetal on June 26, 2019, 07:46:20 AM
If you are worried that a quantum computer can cause a collision with a bitcoin private key (like finding a key with someone's bitcoin), sure, it could be possible. But I do like reading about what an incredible machine it would take to do this. Here is a great thread on this topic:
https://bitcointalk.org/index.php?topic=5147514.msg51224295#msg51224295

Essentially they describe how if someone were to build a big enough computer to crack bitcoin in 2 minutes, say, maybe with a large "quantum computer", the bitcoin code can be upgraded to then make it near impossible again for that new machine to crack it. The code can always stay ahead of the hardware.
Just like personal computers used to be the size of a room, do you think that quantum computers in the next 20 years will be able to shrink to almost the size of a personal computer? Whenever discussion comes up with quantum computers, Bremermann's limit always seems to be the counter argument to those defending Bitcoin's race against quantum computers. The thread you linked seems to have mentioned it fairly early on, but that thread puts into perspective just how big the computer would have to be. The only argument is that we get better at producing and manufacturing quantum computers and downsize them.

I have the opinion that quantum computers will only bring positive change to Bitcoin and increase its security by changing to a different algorithm capable of outlasting quantum computers' evolution. It's not like quantum computers will be increasing their power at an exponential growth such that we won't be able to deploy quantum resistant algorithms.
Correct. I don't believe I'll see, in my lifetime, a so-called quantum computer big enough to take down bitcoin in its current state. As we agree, long before any large and powerful machine is constructed, the algorithms for bitcoin can be upgraded to deal with such a threat, long before that hardware exists.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: arcmetal on June 26, 2019, 08:52:37 AM
Essentially they describe how if someone were to build a big enough computer to crack bitcoin in 2 minutes, say, maybe with a large "quantum computer", the bitcoin code can be upgraded to then make it near impossible again for that new machine to crack it. The code can always stay ahead of the hardware.
Nice to hear from someone who has also studied quantum mechanics; I agree with your analysis and input. Although, with your last statement about the code always being able to stay ahead of the machine, is that necessarily true? As far as I know there aren't too many algorithms that would be suitable for use with Bitcoin because of some of the limitations, and not too many have been developed in recent years; however, we are seeing technology from a quantum computing aspect continue to develop at a rather impressive rate.
Yes, this will always be true. The concepts in computer science are clear. So it goes something like this:

You cannot write code for advanced hardware that doesn't exist yet. You can't run some fancy new hardware without the software to control it. So, the hardware is built first, then code can be written for it. But this new code for the fancy new hardware will surpass the hardware at some point. Maybe it's best to explain with an example:

Some new machine is built, but the largest number its registers can hold is 1,000,000. So we can't add two numbers, or multiply two numbers, if the result is greater than 1,000,000. Along comes some code that can use linked lists to create bigger numbers. One link in the list can hold a number's large lower portion "900,000", the next link can hold the number's upper value of "1,000"; put the two links together to get "1,000,900,000" ... and the algorithms do the rest of adding, multiplying, and manipulating those larger numbers even though the hardware can only handle numbers no greater than 1,000,000. ... And so, we've made code that has surpassed the hardware's capabilities.

I can't go into the details of bitcoin's algorithms since I don't work with those, but some of the comments made by others are easy enough to follow. I've read that bitcoin uses the family of SHA-2 algorithms, and at some point they can upgrade to the family of SHA-3 algorithms. ... The total number of private bitcoin addresses is 2^160, which is close to 2^256 (for discussion purposes). This number is close to 10^75, and for comparison there are about 10^78 atoms in the known universe. This gives a clue as to how large the search space for locating a private address can be.

From the thread I posted above: It would be possible to build a machine that can search for and find a non-empty private address.
If you build a Bremermann computer the size of Earth, you could crack a key in 2 minutes.
given the 2^256 search space. But if we simply made the search space bigger, say 2^512, then we'd be back to requiring the Bremermann computer the size of the Earth to take as long as the age of the universe to try and find a private key.

My counter argument would be that a lot of time, money and energy is being put into quantum computers right now because it's both exciting and useful; however, because currently there's nothing capable of breaking the majority of encryption algorithms out there, we aren't necessarily looking to improve upon that yet because the current ones are good enough. Do you think the closer we get to quantum computers becoming a threat to encryption, the more work will be put into developing suitable algorithms?
Most of the work for the next levels of algorithms has already been done. What is left to do is a bit more testing, and then incorporation into the bitcoin core; this is not trivial. But with the current state of computers it's not really necessary right now; there is plenty of time to get it right.

From my first comment above you can gather that I think the whole "quantum computer" thing is a bit of a silly pursuit, since current classical computers will eventually catch up to the proposed theoretical properties of quantum computers. But silly pursuits can sometimes hit upon new discoveries and new technologies, so it's not a total waste of time.
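The register-limited machine in arcmetal's post, as an added Python example that is not from the thread. It assumes a machine whose native integers cannot exceed 1,000,000 (the figure in the post) and stores a big number as a list of three-digit "links", chosen so that every intermediate value the add and multiply loops form stays at or below 999,999; the check() guard enforces that limit on each step, so an overflow would be reported rather than silently wrapped. It then builds 2^256 and 2^512, the two search-space sizes compared in the post, out of nothing but those limited-size operations.

```python
BASE = 1000               # each "link" holds 0..999 (three decimal digits)
REGISTER_MAX = 1_000_000  # the hypothetical machine's largest native number

def check(v: int) -> int:
    """Guard: every intermediate the algorithms form must fit the register.
    With BASE = 1000 the worst case in mul() is 999*999 + 999 + 999 = 999,999."""
    if not 0 <= v <= REGISTER_MAX:
        raise OverflowError(f"intermediate {v} exceeds the register limit")
    return v

def trim(limbs: list) -> list:
    """Drop leading (most significant) zero links, keeping at least one."""
    while len(limbs) > 1 and limbs[-1] == 0:
        limbs.pop()
    return limbs

def from_str(s: str) -> list:
    """Decimal string -> list of links, least significant first."""
    s = s.lstrip("0") or "0"
    limbs = []
    while s:
        limbs.append(int(s[-3:]))
        s = s[:-3]
    return limbs

def to_str(limbs: list) -> str:
    """Links -> decimal string, e.g. [0, 900, 0, 1] -> '1000900000'."""
    limbs = trim(limbs[:])
    return str(limbs[-1]) + "".join(f"{l:03d}" for l in reversed(limbs[:-1]))

def add(a: list, b: list) -> list:
    """Link-by-link addition with carry; each step handles at most 999+999+1."""
    out, carry = [], 0
    for i in range(max(len(a), len(b))):
        x = check((a[i] if i < len(a) else 0) + (b[i] if i < len(b) else 0) + carry)
        out.append(x % BASE)
        carry = x // BASE
    if carry:
        out.append(carry)
    return out

def mul(a: list, b: list) -> list:
    """Schoolbook multiplication over links, carrying as it goes."""
    out = [0] * (len(a) + len(b))
    for i, x in enumerate(a):
        carry = 0
        for j, y in enumerate(b):
            t = check(out[i + j] + x * y + carry)   # <= 999,999 by construction
            out[i + j] = t % BASE
            carry = t // BASE
        k = i + len(b)
        while carry:
            t = check(out[k] + carry)
            out[k] = t % BASE
            carry = t // BASE
            k += 1
    return trim(out)

def power(base: int, exp: int) -> list:
    """base**exp by square-and-multiply, using only the link operations above."""
    result, cur = from_str("1"), from_str(str(base))
    while exp:
        if exp & 1:
            result = mul(result, cur)
        cur = mul(cur, cur)
        exp >>= 1
    return result

def digits(limbs: list) -> int:
    """Number of decimal digits, for comparing against figures like 10^78."""
    return len(to_str(limbs))

if __name__ == "__main__":
    print(to_str(add(from_str("999999"), from_str("1"))))
    print("2^256 has", digits(power(2, 256)), "digits:", to_str(power(2, 256)))
    print("2^512 has", digits(power(2, 512)), "digits")
```

The link size is the design decision: with four-digit links a single 9999*9999 product would already exceed the register, so the width of the native register dictates how much of a big number each link may carry, and the algorithms supply everything beyond that.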



Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Pmalek on June 26, 2019, 10:26:08 AM
Who knows what the future might hold. I don't have the technical knowledge that OP and AverageGlabella clearly have but I can say this.

50+ years ago my father used to work on these big bastards; the source says that it could store up to 5 MB of data.
https://www.reddit.com/r/interestingasfuck/comments/6z95zz/first_computer_by_ibm/

https://talkimg.com/images/2023/11/12/zXpvf.jpeg

He was a programmer and wrote programs for these computers. He had health issues, so he had to retire early. He hasn't been interested in computers and has never shown any interest in using one ever since, which I frankly find unbelievable, but it is what it is.

The first time I bought a USB stick and he saw it, he asked me what it was.
"So how much data can you put on that thing?" he said.
1GB! He just stopped and looked at me, trying to figure out how much that is in B or KB, because those are the two important units that mattered to him back when he was working.

What I am trying to say is, although it is impossible to imagine quantum computers being a threat to bitcoin now, who knows what advancements will be made in 40-50 years. My father and his partners knew about KBs, and a 5MB storage device taking up the whole room was probably the most advanced thing they could ever think about. They probably didn't even dream about a pocket sized device that you can plug into a small opening at the side of your laptop (what in God's name is a laptop)!


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Macadonian on June 26, 2019, 07:26:41 PM
Some new machine is built but the largest number its register's can hold is 1,000,000.  So we can't add two numbers, or multiply two numbers if the result is greater than 1,000,000.  Along comes some code that can use linked lists to create bigger numbers.  One link in the list can hold a number's large lower portion "900,000", the next link can hold the number's upper value of "1,000", put the two links together to get: "1,000,900,000". ... and the algorithms do the rest of adding, multiplying, manipulating those larger numbers even though the hardware can only handle numbers no greater than 1,000,000.  ... And so, we've made code that has surpassed the hardware's capabilities.
Thanks again for your input; you definitely have a little bit more knowledge than myself when it comes to algorithms and how they are coming along. I only know the very basic parts of that whole sequence of implementing and testing. I know and understand how quantum resistant algorithms work and that they already exist. However, I never knew how suitable they were to the Bitcoin project and the "guidelines" it has followed over the years. I've always assumed that there's no rush for implementing an algorithm which could potentially affect the stabilization of Bitcoin so early on when there's no threat at the moment. Especially since, when the time comes, we might need to change again because, as you say, this field is an ever-evolving system which does bring more discoveries every day. I would actually go forward and say computers in general are the leading industry in new discoveries ever since the basic computer was invented.

The example I quoted is, I think, the best explanation I've seen when it comes to discussing quantum computers and the current limitations within the field. I've always considered that you need a computer to write the code, a computer that is capable of writing the code, and then the code side of things will evolve beyond the capabilities of the computer. However, the linking together is an excellent way of demonstrating how this is actually achieved.

Who knows what the future might hold. I don't have the technical knowledge that OP and AverageGlabella clearly have, but I can say this.

50+ years ago my father used to work on these big bastards; the source says that it could store up to 5 MB of data.
https://www.reddit.com/r/interestingasfuck/comments/6z95zz/first_computer_by_ibm/
The reasons you have listed here are the exact reasons why I'm very interested in the current price it takes to operate a quantum computer, specifically (because it's now been mentioned) the D-Wave quantum computer, which to run requires being housed in a room at an incredible -273 °C. The interesting part of this is that it's not a computer limitation or anything like that but an environmental one. No matter how efficient we make things, it doesn't look like we'll be able to cheaply make a room at -273 °C. Yes, with better technology we will probably see quantum computers not having to work so hard, but as physics goes, for the amount of energy that goes into things you can expect less out of them. Which, in my eyes, means I can't see us ever being able to cheaply operate a room's temperature at such low levels for the duration of the time the quantum computer needs to operate. We could in the future have an unlimited-qubit quantum computer able to crack things in seconds, and therefore the running time wouldn't be long, which in effect would reduce the cost of this; however, what I'm trying to get at is this will be an extremely long way off, and quantum computers en masse will likely not be a problem for many, many years.

The reason why I'm concentrating on the operating costs and the logistics of running something capable of breaking algorithms is that even if a quantum computer was theoretically released tomorrow with the required amount of qubits to breach algorithms, it would still only be limited to a few individuals, which might not have any malicious intent, meaning it might not even be a threat anyway. Regardless of whether this is true or not, obviously we would need to be prepared for the worst case scenario, which I do believe, judging by others' comments on this thread, we'll be ready for with the technology already available at our disposal.
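The linked-list big-number idea from the quoted post, as an added example that is not code from the thread: a `LinkedInt` class (names are my own) stores a number as a list of links and routes every intermediate value through a simulated register that refuses anything above 1,000,000. Links are base 1,000 here, rather than the post's single 900,000 link, so that even the product of two links plus carries fits in that register; the post's "1,000,900,000" therefore becomes four links.

```python
"""Multi-link ("linked list") integers on hardware whose registers hold at
most REGISTER_MAX.  Added example for the quoted post; the base-1,000 link
size is a choice made here so that link * link + carries never overflows."""

REGISTER_MAX = 1_000_000   # largest value the hypothetical hardware can hold
BASE = 1_000               # one link holds 0 .. BASE-1

# Worst case in schoolbook multiplication: link*link + stored link + carry.
assert (BASE - 1) * (BASE - 1) + 2 * (BASE - 1) <= REGISTER_MAX


def _reg(value: int) -> int:
    """Simulated register: every intermediate must fit the hardware."""
    if not 0 <= value <= REGISTER_MAX:
        raise OverflowError(f"{value} does not fit in a {REGISTER_MAX} register")
    return value


class LinkedInt:
    """Non-negative integer as links, least significant link first."""

    def __init__(self, links):
        links = list(links)
        if any(not 0 <= l < BASE for l in links):
            raise ValueError("each link must be in 0 .. BASE-1")
        while len(links) > 1 and links[-1] == 0:   # drop leading zero links
            links.pop()
        self.links = links or [0]

    @classmethod
    def from_str(cls, text: str) -> "LinkedInt":
        """Parse a decimal string by cutting 3-digit groups from the right,
        so no value larger than a link is ever formed."""
        digits = text.replace(",", "").replace("_", "")
        if not digits.isdigit():
            raise ValueError(f"not a decimal number: {text!r}")
        return cls(int(digits[max(0, i - 3):i]) for i in range(len(digits), 0, -3))

    def __str__(self) -> str:
        # Most significant link first, lower links zero-padded: "1,000,900,000"
        top, *rest = reversed(self.links)
        return ",".join([str(top)] + [f"{l:03d}" for l in rest])

    def to_int(self) -> int:
        """Python's own big integers, used only to cross-check results."""
        return int(str(self).replace(",", ""))

    def __add__(self, other: "LinkedInt") -> "LinkedInt":
        out, carry = [], 0
        for i in range(max(len(self.links), len(other.links))):
            a = self.links[i] if i < len(self.links) else 0
            b = other.links[i] if i < len(other.links) else 0
            total = _reg(a + b + carry)          # fits: at most 2*(BASE-1)+1
            out.append(total % BASE)
            carry = total // BASE
        if carry:
            out.append(carry)
        return LinkedInt(out)

    def __mul__(self, other: "LinkedInt") -> "LinkedInt":
        out = [0] * (len(self.links) + len(other.links))
        for i, a in enumerate(self.links):
            carry = 0
            for j, b in enumerate(other.links):
                total = _reg(out[i + j] + a * b + carry)   # <= REGISTER_MAX
                out[i + j] = total % BASE
                carry = total // BASE
            k = i + len(other.links)
            while carry:                          # propagate the final carry
                total = _reg(out[k] + carry)
                out[k] = total % BASE
                carry = total // BASE
                k += 1
        return LinkedInt(out)


def factorial(n: int) -> LinkedInt:
    """n! using only link arithmetic; far beyond the 1,000,000 register."""
    acc = LinkedInt([1])
    for k in range(2, n + 1):
        acc = acc * LinkedInt.from_str(str(k))
    return acc


if __name__ == "__main__":
    print(LinkedInt([0, 900, 0, 1]))                       # 1,000,900,000
    print(LinkedInt.from_str("999,999") + LinkedInt.from_str("1"))
    print(factorial(25))
```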


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: AverageGlabella on June 26, 2019, 08:14:09 PM
Who knows what the future might hold. I don't have the technical knowledge that OP and AverageGlabella clearly have, but I can say this.
I think it's worth mentioning that we shouldn't be discrediting @arcmetal, as they have demonstrated knowledge I would expect from a seasoned veteran in the quantum mechanics field. Not to assume they aren't, of course, but it's a breath of fresh air, as I have been complaining about the state of Bitcoin discussion and serious discussion not being active enough in the past. The two combined are some of the most surprising members of the forum I've come across; with the amount of effort that goes into their posts, I'm unsure why you guys aren't already receiving the attention you deserve.  Most of the other threads discussing quantum computers are filled with generic answers such as "It will never happen" and all that bogus.

The reason why I'm concentrating on the operating costs and the logistics of running something capable of breaking algorithms is that even if a quantum computer was theoretically released tomorrow with the required amount of qubits to breach algorithms, it would still only be limited to a few individuals, which might not have any malicious intent, meaning it might not even be a threat anyway. Regardless of whether this is true or not, obviously we would need to be prepared for the worst case scenario, which I do believe, judging by others' comments on this thread, we'll be ready for with the technology already available at our disposal.
My personal viewpoint is that all of this doesn't really matter in the grand scheme of things. I like to be more literal and straight to the point. We know the potential threat that is quantum computers. We know the weak point in the technology Bitcoin is currently using, and finally we know how to combat that. I know we have spoken about using an address only once, but the majority of people will not go to that effort, so the easiest and most efficient way of dealing with this while continuing the usability of Bitcoin would be to deploy a quantum resistant algorithm, which I can guarantee is being worked on in the background as we speak.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on June 27, 2019, 02:11:04 PM
cheaply make a room at -273 °C.

... Then we get into the possibility of power from nuclear fusion. I know it's one of those things that is always 'a few years away' - but cheap energy (free? unlimited?) is getting closer all the time.

I think this kind of highlights the fact that technology is racing ahead of us, and it won't be long before it goes way beyond the ability of mere humans to understand, and it is computers themselves doing the thinking and theorising. The most promising form of defence against quantum attacks currently under development seems to be NTRU, which relies on some quite esoteric lattice-based maths which is frankly already beyond my ability to comprehend. In a few years' time I can imagine that it is computers themselves coming up with these models, and humans struggling to keep up. It's an infinite arms race into the distance really. So long as there is one side attacking and another side defending, it's difficult to see where it will stop - unless there is some fundamental facet of quantum mechanics that provides a final barrier to one or both sides.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: arcmetal on June 28, 2019, 02:46:50 AM
... In a few years' time I can imagine that it is computers themselves coming up with these models, and humans struggling to keep up. It's an infinite arms race into the distance really. So long as there is one side attacking and another side defending, it's difficult to see where it will stop - unless there is some fundamental facet of quantum mechanics that provides a final barrier to one or both sides.
To a certain extent I've already seen this starting to happen.   :)  I spend my time dealing with learning algorithms, pattern recognition, sometimes termed AI.  Within the process of training these little AI networks, the algorithms produce their own algorithms to then produce the results I'm trying to make them achieve.  But at the end of this training, I, "the human", do not understand how the AI decided to produce these final algorithms. Or rather, I struggle to find the reasons for its internal organization.  I did program it, but my programming is just a crucible I've created to foster the growth of these AI networks.  (I have been told by some of my benefactors that I mustn't mention this odd behavior of my working networks to others.  The higher ups may not like it.  But I still find it curious.)

This concept exists throughout the AI algorithms that are currently spreading into almost every place they can fit.

...

Getting back to the OP.  My first reaction to having read that "someday some quantum computer may break bitcoin" was to think that the commentator doesn't understand "quantum" computers, and doesn't understand that bitcoin is programmable.  Regardless, I see it as just a comment to spread fud, to make people think that bitcoin was going to crack under a large enough computer.  It's almost as bad as the fud remark that says "any day now bitcoin's creator is going to show up and use his back door to steal your bitcoins".  In this case the commentator does not understand what open source is.   These sorts of fud remarks will continue to spread until the majority become informed about bitcoin's basics.  Until then, it's up to us here to continue to teach the rest.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on June 28, 2019, 07:29:06 AM
the algorithms produce their own algorithms to then produce the results I'm trying to make them achieve.  But at the end of this training, I, "the human", does not understand how the AI decided to produce these final algorithms.

Just a quick comment on this because I don't want to derail the thread. The evolution of AlphaGo I think demonstrates how quickly things are moving. A few years ago everyone was saying a machine could never beat the world's best Go players. Then (2015?) AlphaGo was developed and trained initially by humans through the input of a vast number of previous games. Learning algorithms subsequently built on this, but there was a big human input, guided by Go experts, and a lot of reliance on just brute-forcing the calculations. In 2016 it beat the world's best human player quite comprehensively.

The 2017 follow-up was AlphaGo Zero. This time they just fed it the rules and nothing else. They got it to teach itself. Within a short time they put it up against the original AlphaGo, and the entirely self-taught version won 100-0. It is indeed reaching the stage where computers aren't just better than humans at calculating, they're also better at learning how to calculate, and at learning how to learn. There is some exciting (scary?) emergent behaviour coming out of this.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: arcmetal on June 28, 2019, 08:17:43 AM
the algorithms produce their own algorithms to then produce the results I'm trying to make them achieve.  But at the end of this training, I, "the human", does not understand how the AI decided to produce these final algorithms.

Just a quick comment on this because I don't want to derail the thread. The evolution of AlphaGo I think demonstrates how quickly things are moving. A few years ago everyone was saying a machine could never beat the world's best Go players. Then (2015?) AlphaGo was developed and trained initially by humans through the input of a vast number of previous games. Learning algorithms subsequently built on this, but there was a big human input, guided by Go experts, and a lot of reliance on just brute-forcing the calculations. In 2016 it beat the world's best human player quite comprehensively.

The 2017 follow-up was AlphaGo Zero. This time they just fed it the rules and nothing else. They got it to teach itself. Within a short time they put it up against the original AlphaGo, and the entirely self-taught version won 100-0. It is indeed reaching the stage where computers aren't just better than humans at calculating, they're also better at learning how to calculate, and at learning how to learn. There is some exciting (scary?) emergent behaviour coming out of this.

It is this very interesting emergent behavior that I find curious.  One can write code to enable these artificial networks to learn on their own, even though it is very tricky to do so.  A slight change in the parameters for the network's environment and we end up with large instabilities in the network's internal architecture, which produce garbage.  These systems are difficult to stabilize, but once the right parameters are found the networks can produce solutions on their own.

And so, some seem so worried about the fast and powerful quantum computers, but maybe some should actually be worried about an AI building its own algorithm to find a private key, and us humans are left not understanding how it did it.

hehe, of course, I know full well that AIs are still too primitive for any such silly notions.  And I decline to comment on those that mention "the singularity", since it's just nonsensical fantasy.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on June 28, 2019, 08:32:20 AM
I suppose the final question that sits beneath everything else is: is self-consciousness itself an emergent behaviour? I'm still unsure about the singularity, I take your point, but I won't dismiss it completely until this question has a definitive answer. Stuff that seems magical fantasy today could be mundane and commonplace to the AIs of the future.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Macadonian on June 28, 2019, 07:58:35 PM
... Then we get into the possibility of power from nuclear fusion. I know it's one of those things that is always 'a few years away' - but cheap energy (free? unlimited?) is getting closer all the time.

I think this kind of highlights the fact that technology is racing ahead of us, and it won't be long before it goes way beyond the ability of mere humans to understand, and it is computers themselves doing the thinking and theorising. The most promising form of defence against quantum attacks currently under development seems to be NTRU, which relies on some quite esoteric lattice-based maths which is frankly already beyond my ability to comprehend. In a few years' time I can imagine that it is computers themselves coming up with these models, and humans struggling to keep up. It's an infinite arms race into the distance really. So long as there is one side attacking and another side defending, it's difficult to see where it will stop - unless there is some fundamental facet of quantum mechanics that provides a final barrier to one or both sides.
Nuclear fusion is something which is getting closer by the day; in fact, in Boston they recently got a 50 million dollar investment for their nuclear reactor. They believe they've sussed out the laws and it's only a matter of building the plant. The theory has always been there, and theoretically it's safer than other traditional nuclear power management systems; however, we must consider that Chernobyl was considered safe no matter what due to the fail-safe system they had in place. A great program was recently released which showed how out of their depth they really were, and this start-up in Boston that claims to have all the answers, and that the only missing puzzle piece is actually building it, has no track record. Therefore, despite the claims of nuclear fusion being the future, we have to consider how far away we are and how many hurdles we are yet to hit.

Despite the lack of experience, let's assume that all goes well and nuclear fusion becomes a thing. How accessible will this be to the public? Do we really believe energy companies will be providing cheap energy via nuclear fusion, or will this still be reserved for the elite, very much like quantum computers?

We also have to consider the moral obligations and the public viewpoint of nuclear power. At the moment there are multiple different organizations which are trying to combat the development of nuclear power plants and which could put a halt to nuclear fusion. I'm actually for the development of nuclear energy and providing a more efficient energy system, but I can understand the concerns about accidents and management of waste and how it can literally destroy the environment it is in.

In conclusion, even if nuclear fusion becomes a thing in the next few years and quantum computers could be cooled to the temperature required at a decent price, I highly doubt that, other than for the wealthy elite, the power of nuclear energy will be easily accessible.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: UnruffledST on July 06, 2019, 08:22:23 PM
Didn't bother to read all the replies, but seriously, you think Bitcoin has an option at the moment to really implement quantum resistant cryptography? Bitcoin being so slow, would we be even slower due to transactions taking longer to verify due to the complexity in confirming such transactions?



Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: AverageGlabella on July 08, 2019, 05:32:27 PM
Didn't bother to read all the replies, but seriously, you think Bitcoin has an option at the moment to really implement quantum resistant cryptography? Bitcoin being so slow, would we be even slower due to transactions taking longer to verify due to the complexity in confirming such transactions?



That's the point of reading all the replies. This is not a discussion about quantum computers becoming a problem currently, but in the future, and how we would deal with that. We have touched upon why it hasn't been implemented currently a few times in the discussion, and although you do bring up a point about making Bitcoin unnecessarily slow right now, in the future it is something that will have to happen if we ever do reach the point of a 2000+ qubit quantum computer, or whatever would be the required amount to become a serious threat to the algorithm.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: TimeBits on July 08, 2019, 08:54:36 PM
Decided to move this to serious discussion considering the lack of activity on Bitcoin Discussion. I'm interested in hearing others' opinions on quantum computers currently and what they will be like in the future.

Anything compiled using AES is already crackable with the computers we have today. When Satoshi created bitcoin he did not know wtf an ASIC was; he had no clue ASICs would come into existence. Wait till ASIC 2.0s come online. They will be able to crack AES even easier. There will be a single chip made that has more hashing power than all of the bitcoin farms combined in the next 20 years.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: arcmetal on July 09, 2019, 03:29:48 AM
Didn't bother to read all the replies, but seriously, you think Bitcoin has an option at the moment to really implement quantum resistant cryptography? Bitcoin being so slow, would we be even slower due to transactions taking longer to verify due to the complexity in confirming such transactions?



That's the point of reading all the replies. This is not a discussion about quantum computers becoming a problem currently, but in the future, and how we would deal with that. We have touched upon why it hasn't been implemented currently a few times in the discussion, and although you do bring up a point about making Bitcoin unnecessarily slow right now, in the future it is something that will have to happen if we ever do reach the point of a 2000+ qubit quantum computer, or whatever would be the required amount to become a serious threat to the algorithm.
Quite correct, AverageGlabella.  Concerning whether adding more complexity to bitcoin's code would slow it down in the future: I hate to state the obvious but, whatever. In the future, if or when it is necessary to add more code, the hardware in general will be orders of magnitude faster.  That is, processing and therefore communications will be much faster, and so increasing the amount of code necessary to complete a transaction will be of no consequence.  It is difficult for humans to discern the difference between 10 nanoseconds and 100 nanoseconds; adding more code will not be noticed with much faster hardware.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: arcmetal on July 09, 2019, 03:44:50 AM
I suppose the final question that sits beneath everything else is: is self-consciousness itself an emergent behaviour? I'm still unsure about the singularity, I take your point, but I won't dismiss it completely until this question has a definitive answer. Stuff that seems magical fantasy today could be mundane and commonplace to the AIs of the future.
The problem is that we are extremely far from understanding how our brains function.  So far in fact from knowing, that we could be thousands of years or maybe millions of years from this type of understanding.  We just don't know how much we don't know.

Take for example, having read recently that they have discovered tiny tubules at the ends of dendrites.  They suspect that besides transferring chemicals and electrical impulses at the synapses, we may also be transmitting bits of light (some call it photons) across that junction.  This could mean that our brains are actually photonic in nature.  This is what I mean by "we have no clue".

We can't replicate it or build it into a machine until we have a full understanding of it.

It is still fun to ponder what self-consciousness might be, but to say we can build a machine to mimic this, or that one of our machines will happen upon it one day is just silly.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: myternity on July 09, 2019, 03:13:54 PM
Hello everybody. Nice to meet so many people interested in quantum threat to a blockchain in one place. We've been working on one post-quantum project for 2 years and of course we're talking with physicists, pq-cryptographers and other academic minds. And I just want to add a couple things and links you guys might like.
 
First — probably you will be interested in reading about Neven's law (https://www.quantamagazine.org/does-nevens-law-describe-quantum-computings-rise-20190618/). It is not a "law" of course, but an interesting thing to keep in mind.
Second — the most powerful quantum chip for today is the 128-qubit chip produced by Rigetti (https://medium.com/rigetti/the-rigetti-128-qubit-chip-and-what-it-means-for-quantum-df757d1b71ea).
Third — how many qubits you need to crack a blockchain. It depends on the type of encryption, but the point is, it is 2300+ (https://en.wikipedia.org/wiki/Elliptic-curve_cryptography#Quantum_computing_attacks).
Fourth — Intel thinks we'll get 1000 qubits by 2024 (https://spectrum.ieee.org/nanoclast/computing/hardware/intels-new-path-to-quantum-computing) and ECDSA will be at risk by 2027 (https://arxiv.org/pdf/1710.10377.pdf).
Fifth — implement post-quantum encryption in existing blockchains? This is a close to impossible task.
Sixth — that's what NIST says about PQC in their project (probably all of you are aware of it, but https://csrc.nist.gov/Projects/Post-Quantum-Cryptography):
Quote
Historically, it has taken almost two decades to deploy our modern public key cryptography infrastructure.  Therefore, regardless of whether we can estimate the exact time of the arrival of the quantum computing era, we must begin now to prepare our information security systems to be able to resist quantum computing.

So, yes, the quantum threat is a thing to be aware of (and probably afraid of), and yes, we gotta start working on it now. Plus, thanks to smart people from NIST, we're in good hands. Btw, we're working on a utility to secure all of the blockchains from it. I hope this week we'll publish an article about the quantum thief where we will explain why the only thing that will save us from it is game theory (and PQC, of course).

I hope I didn't miss anything. Will be happy to answer your questions (but I can get here only a couple of times per week max, so don't wait for fast replies, sorry).


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: TheWolf666 on July 09, 2019, 06:16:20 PM
Quantum computers are not going to replace the computers as we know them. They can be considered like a GPU that will be attached to a normal computer, providing speed for some limited operations. Their usage will be very limited specially at the beginning and their price very high.



Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Macadonian on July 09, 2019, 07:18:22 PM
Hello everybody. Nice to meet so many people interested in quantum threat to a blockchain in one place. We've been working on one post-quantum project for 2 years and of course we're talking with physicists, pq-cryptographers and other academic minds. And I just want to add a couple things and links you guys might like.
 
First — probably you will be interested in reading about Neven's law (https://www.quantamagazine.org/does-nevens-law-describe-quantum-computings-rise-20190618/). It is not a "law" of course, but an interesting thing to keep in mind.
Second — the most powerful quantum chip for today is the 128-qubit chip produced by Rigetti (https://medium.com/rigetti/the-rigetti-128-qubit-chip-and-what-it-means-for-quantum-df757d1b71ea).
Third — how many qubits you need to crack a blockchain. It depends on the type of encryption, but the point is, it is 2300+ (https://en.wikipedia.org/wiki/Elliptic-curve_cryptography#Quantum_computing_attacks).
Fourth — Intel thinks we'll get 1000 qubits by 2024 (https://spectrum.ieee.org/nanoclast/computing/hardware/intels-new-path-to-quantum-computing) and ECDSA will be at risk by 2027 (https://arxiv.org/pdf/1710.10377.pdf).
Fifth — implement post-quantum encryption in existing blockchains? This is a close to impossible task.
Sixth — that's what NIST says about PQC in their project (probably all of you are aware of it, but https://csrc.nist.gov/Projects/Post-Quantum-Cryptography):
Quote
Historically, it has taken almost two decades to deploy our modern public key cryptography infrastructure.  Therefore, regardless of whether we can estimate the exact time of the arrival of the quantum computing era, we must begin now to prepare our information security systems to be able to resist quantum computing.

So, yes, the quantum threat is a thing to be aware of (and probably afraid of), and yes, we gotta start working on it now. Plus, thanks to smart people from NIST, we're in good hands. Btw, we're working on a utility to secure all of the blockchains from it. I hope this week we'll publish an article about the quantum thief where we will explain why the only thing that will save us from it is game theory (and PQC, of course).

I hope I didn't miss anything. Will be happy to answer your questions (but I can get here only a couple of times per week max, so don't wait for fast replies, sorry).
I'm interested in your take on your 5th point. It's quite a bold claim that has been disputed in the development sub-forum and here by some pretty bright minds. Why do you think it's an impossible task? I think it's difficult for a number of reasons, including but not limited to the consumer issues that would come with such a big change. As far as I know there are many different projects working on including quantum resistant algorithms in the existing infrastructure of Bitcoin, and they are making good progress. The only issue with that is this would require a hard fork, and there will be multiple different options to choose from. I would be interested in getting achow's opinion on the matter, but I'm afraid that discussion about quantum computers would quickly get buried.



Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: myternity on July 10, 2019, 03:26:27 AM
I'm interested in your take on your 5th point. It's quite a bold claim that has been disputed in the development sub-forum and here by some pretty bright minds. Why do you think it's an impossible task? I think it's difficult for a number of reasons, including but not limited to the consumer issues that would come with such a big change. As far as I know there are many different projects working on including quantum resistant algorithms in the existing infrastructure of Bitcoin, and they are making good progress. The only issue with that is this would require a hard fork, and there will be multiple different options to choose from. I would be interested in getting achow's opinion on the matter, but I'm afraid that discussion about quantum computers would quickly get buried.
Yes, I should've probably disclosed it in more detail.
When we say "it is a quantum safe signature" we imply "it is probably a quantum safe signature", due to the fact that, as someone had already mentioned in this thread, we don't have a quantum computer yet. What we need here is a solution with encryption variability, to have the opportunity to transfer new keys for the analogues of old addresses after a hard fork. If we don't have this feature, we'll have to make multiple hard forks with every "new" quantum computer. Another reason is a performance decline, because a lot of PQ sigs are "heavier". Everybody is waiting for the NIST PQC results. Actually this is what one of our products is about, and this is one point of the articles. So it is difficult as a one-time task, but if you do it several times it requires an architecture rebuild to make it easy and reliable. Plus we're talking not only Bitcoin but any other blockchain.
So it is an issue.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: PrimeNumber7 on July 10, 2019, 06:53:00 AM
The reason why I'm concentrating on the operating costs and the logistics of running something capable of breaking algorithms is that even if a quantum computer was theoretically released tomorrow with the required amount of qubits to breach algorithms, it would still only be limited to a few individuals, which might not have any malicious intent, meaning it might not even be a threat anyway.
I speculate, most likely it will be a government - one of the five eyes (https://en.wikipedia.org/wiki/Five_Eyes), or China - or an entity that is a de-facto arm of a government, and I think they will absolutely be a malicious actor. It will be in this entity's interest to keep the fact they have the QC technology sufficient to break ECDSA and other encryption algorithms a state secret because it will allow their government to spy on their enemies for longer.

If a government develops QC technology that can be run efficiently, and uses said technology to steal a few hundred thousand bitcoins, the coin they steal would be worth billions as of when they steal the coin, but its value would quickly plummet once many people start complaining their coin was stolen after practicing good security practices. It would also be a warning to other governments, banks, communications companies, and others to upgrade their encryption systems ASAP, and to stop using "now broken" encryption systems immediately, even if this means taking services offline for some time.

If a government were to develop QC tech that can efficiently break modern encryption algorithms, I think they would prefer to use it to decrypt intercepted communications via the internet and elsewhere, with the hope their enemies will continue using "broken" encryption algorithms. Last month, a bunch of European internet traffic was rerouted via China (https://www.zdnet.com/article/for-two-hours-a-large-chunk-of-european-mobile-traffic-was-rerouted-through-china/) for two hours, and there have been similar incidents (https://arstechnica.com/information-technology/2018/11/major-bgp-mishap-takes-down-google-as-traffic-improperly-travels-to-china/) before. These incidents could be true errors, or they could have been the Chinese government collecting encrypted internet traffic hoping to decrypt it, with current or future technology.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on July 10, 2019, 07:45:17 AM
Nuclear fusion [...] theoretically it's safer than other traditional nuclear power management systems, however we must consider Chernobyl was considered safe

We also have to consider the moral obligations and the public viewpoint of nuclear power. [...]  I can understand the concerns about accidents and management of waste and how it can literally destroy the environment it is in.

Fusion is an entirely different process to traditional nuclear power - in fact it's the exact opposite. It doesn't use radioactive decay at all.

Nuclear power as we know it today is produced by fission. Essentially fission is where heavy atoms (uranium) are bombarded by neutrons, which causes them to split and release energy. The neutrons that come out of this fission then hit other heavy atoms and can cause a chain reaction. It can be a runaway process, and controlling it is kind of analogous to a brake pedal - someone at the plant always has their foot on this metaphorical pedal in order to keep the reactions under control. There are obviously a lot of dangerous by-products, partly the leftover split atoms, but also (more dangerous) heavy atoms that absorb neutrons but don't split, and can become some nasty forms of plutonium.

Fusion is the opposite. This is where light atoms (hydrogen isotopes) are fused together to form helium, neutrons and vast amounts of energy - a lot more than fission. Two further benefits are that a) there is no dangerous waste as both the source materials and the waste products (helium plus neutrons) are non-radioactive, and b) there is no danger of an uncontrollable chain reaction because fusion relies on the continuous input of power, if the power stops then the reaction cools and stops.


Do we really believe energy companies will be providing cheap energy via nuclear fusion

Not sure about this one. In theory if fusion becomes straightforward and it's an open marketplace, then companies will compete to drive the price down. If it's all state-controlled or a monopoly though, who knows...


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on July 10, 2019, 08:30:45 AM
Quantum computers are not going to replace the computers as we know them. They can be considered like a GPU that will be attached to a normal computer, providing speed for some limited operations. Their usage will be very limited, especially at the beginning, and their price very high.

I agree that quantum computing doesn't offer an advantage in every situation. I think there is often a perception that quantum computers are just faster than conventional computers, but that's not really the case. Where they excel is in dealing with extremely complex problems. The advantage of a quantum computer is that the complexity scales differently.

A conventional computer can solve a problem 'x' in 'y' seconds, taking 'z' number of steps.
If you build a faster conventional computer, it can maybe solve problem 'x' in 'y/2' seconds, so twice as fast - but it will still take 'z' number of computational steps to do so.
The advantage of a quantum computer is that it can drastically reduce 'z', the number of steps required. This is why they are 'faster'.

It's quite fascinating when you get into it. If you are interested, have a look at Grover's algorithm (https://en.wikipedia.org/wiki/Grover%27s_algorithm).


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: arcmetal on July 10, 2019, 09:10:23 AM
Do we really believe energy companies will be providing cheap energy via nuclear fusion

Not sure about this one. In theory if fusion becomes straightforward and it's an open marketplace, then companies will compete to drive the price down. If it's all state-controlled or a monopoly though, who knows...


The problem has always simply been that power generation is centralized, concentrated in a few hands.  Large power plants producing it, and large elaborate distribution lines to deliver it.  This is not how it could have been, but a few decided it should be this way, for obvious reasons, for the sake of profit.

But things have been slowly changing since solar panels have been mass produced, getting cheaper, and gaining in efficiencies.  With decentralized power ( ... decentralized, funny aye  :P)  there would be no need for large power plants or expansive distribution networks.  At worst there may still be a need for small local power distribution centers for emergencies, but nothing more.  ... The cost would solely be the production, and installation of the solar panel hardware, and the energy free.  There has always been animosity from those that wish to profit from centralized power, and this will continue until the end.  The end being fully decentralized power.

Throughout history energy has been commoditized, but in this modern age this is no longer necessary.   In this universe, besides space and time, energy is the most abundant thing.  The water we drink, or the oxygen we breathe is far more rare than energy, and yet we pay each month for power.

Nuclear power, fission or fusion, when developed enough, and made small enough will be useful for areas that have little to no access to the sun.  Like maybe Pluto.  :)   Or, interstellar travel.

I don't see free power as a threat to bitcoin.  Free power may seem to make the cost of producing btc less, but then any extra cash a miner has would be used for more mining hardware, increasing btc's difficulty, which increases its cost of production, which helps to increase its price, and so on.  


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: michellee on July 10, 2019, 11:09:47 AM
I haven't done any research about quantum computing and I don't have any knowledge about that; I'm only a user, but I know a little about computers. My opinion: no matter if there is the newest computer design or technology, it will not threaten bitcoin but will support the network, so bitcoin or cryptocurrency could grow more than we thought.

Maybe the newest computer will solve the calculation of bitcoin mining so it could break every problem in bitcoin mining. Like what we see in the bitcoin mining process, we see the newest GPU released and helping the mining process. That will happen too with quantum computing, so it will support and help cryptocurrency.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Macadonian on July 12, 2019, 05:31:24 PM

Maybe the newest computer will solve the calculation of bitcoin mining so it could break every problem in bitcoin mining. Like what we see in the bitcoin mining process, we see the newest GPU released and helping the mining process. That will happen too with quantum computing, so it will support and help cryptocurrency.
This is not how quantum computers work; however, if this were possible then it would be very bad for Bitcoin. The difficulty would have to increase so much that it would price almost everyone out of the market, meaning only those that can afford the hashrate of these "super computers" could mine and the general consumer would not be able to mine new Bitcoin. Bitcoin would become a currency only used by the very wealthy elite of the world. Luckily quantum computers aren't going to be useful for mining and are currently only good for solving problems using factoring. Which means they will be very good at certain things but overall not that good even as a personal computer. They are very good at cracking algorithms, especially the one that Bitcoin is currently using.



Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Macadonian on July 14, 2019, 04:04:19 PM
The problem has always simply been that power generation is centralized, concentrated in a few hands.  Large power plants producing it, and large elaborate distribution lines to deliver it.  This is not how it could have been, but a few decided it should be this way, for obvious reasons, for the sake of profit.

But things have been slowly changing since solar panels have been mass produced, getting cheaper, and gaining in efficiencies.  With decentralized power ( ... decentralized, funny aye  :P)  there would be no need for large power plants or expansive distribution networks.  At worst there may still be a need for small local power distribution centers for emergencies, but nothing more.  ... The cost would solely be the production, and installation of the solar panel hardware, and the energy free.  There has always been animosity from those that wish to profit from centralized power, and this will continue until the end.  The end being fully decentralized power.

Throughout history energy has been commoditized, but in this modern age this is no longer necessary.   In this universe, besides space and time, energy is the most abundant thing.  The water we drink, or the oxygen we breathe is far more rare than energy, and yet we pay each month for power.

Nuclear power, fission or fusion, when developed enough, and made small enough will be useful for areas that have little to no access to the sun.  Like maybe Pluto.  :)   Or, interstellar travel.

I don't see free power as a threat to bitcoin.  Free power may seem to make the cost of producing btc less, but then any extra cash a miner has would be used for more mining hardware, increasing btc's difficulty, which increases its cost of production, which helps to increase its price, and so on.  

Although most countries charge for power they also charge for water, and it can sometimes be very expensive depending on the country that you live in. I would essentially agree with most of your points other than the statement that bigger and more industrialized power plants won't be needed when we are relating it back to quantum computers. In general life I would agree, but when providing the energy necessary to house a quantum computer and run it at its most efficient conditions this would probably not be sufficient with solar panels, or would be a logistical nightmare. Nuclear fusion will probably be used but, as you touched upon, this will be in the hands of the few and I don't think a cheap and efficient solution like nuclear fusion (in theory) will be distributed to the masses. This will probably be something which is exclusive to governments, and I can see them justifying this by stating that nuclear fusion is dangerous and is frowned upon by most of the world, however they need to have emergency fail safes in place just in case their country goes without power. Playing on people's heartstrings about keeping hospitals running and saving lives will be the only reason I can see nuclear fusion being first of all accepted by the community and secondly developed by the government. They'll use it for emergencies and military operations only. However, who's to say that they won't run their quantum computers off of this energy and deem it military operations. After all, factoring could break many different algorithms and they could potentially get intel from their enemies. Bitcoin will probably be an enemy to the governments and who's to say they won't try attacking it. This is all based on assumption and is all theoretical; however, I do like to imagine the sort of power which would come with quantum computers running on nuclear fusion.
Luckily the masses won't have access to both of these technologies and only governments and possibly the wealthy elite will, which means there aren't too many potential attackers on the current algorithm that Bitcoin uses. Which probably means that we have an increased amount of time to figure out the steps in protecting against quantum computers.

Quantum computers are not going to replace the computers as we know them. They can be considered like a GPU that will be attached to a normal computer, providing speed for some limited operations. Their usage will be very limited, especially at the beginning, and their price very high.

I agree that quantum computing doesn't offer an advantage in every situation. I think there is often a perception that quantum computers are just faster than conventional computers, but that's not really the case. Where they excel is in dealing with extremely complex problems. The advantage of a quantum computer is that the complexity scales differently.

A conventional computer can solve a problem 'x' in 'y' seconds, taking 'z' number of steps.
If you build a faster conventional computer, it can maybe solve problem 'x' in 'y/2' seconds, so twice as fast - but it will still take 'z' number of computational steps to do so.
The advantage of a quantum computer is that it can drastically reduce 'z', the number of steps required. This is why they are 'faster'.

It's quite fascinating when you get into it. If you are interested, have a look at Grover's algorithm (https://en.wikipedia.org/wiki/Grover%27s_algorithm).

I have mentioned in a couple of my replies that quantum computers are exceptional at only certain tasks but actually quite lackluster in other areas. They are not personal computers and wouldn't be useful to the majority of people. However, for those that are looking to crack currently used algorithms by using the quantum computer's exceptional talent at factoring, they are very useful. Even if quantum computers became available to the masses they just wouldn't appeal to them. I don't have any interest in cracking algorithms, for example, but militaries and governments probably do. Enemies of Bitcoin probably do.

I speculate, most likely it will be a government - one of the five eyes (https://en.wikipedia.org/wiki/Five_Eyes), or China - or an entity that is a de-facto arm of a government, and I think they will absolutely be a malicious actor. It will be in this entity's interest to keep the fact they have the QC technology sufficient to break ECDSA and other encryption algorithms a state secret because it will allow their government to spy on their enemies for longer.

If a government develops QC technology that can be run efficiently, and use said technology to steal a few hundred thousand bitcoins, the coin they steal would be worth billions as of when they steal the coin, but its value would quickly plummet once many people start complaining their coin was stolen after practicing good security practices. It would also be a warning to other governments, banks, communications companies, and others to upgrade their encryption systems ASAP, and to stop using "now broken" encryption systems immediately, even if this means taking services offline for some time.

If a government were to develop QC tech that can efficiently break modern encryption algorithms, I think they would prefer to use it to decrypt intercepted communications via the internet and elsewhere, with the hope their enemies will continue using "broken" encryption algorithms. Last month, a bunch of European internet traffic was rerouted via China (https://www.zdnet.com/article/for-two-hours-a-large-chunk-of-european-mobile-traffic-was-rerouted-through-china/) for two hours, and there have been similar incidents  (https://arstechnica.com/information-technology/2018/11/major-bgp-mishap-takes-down-google-as-traffic-improperly-travels-to-china/) before. These incidents could be true errors, or they could have been the Chinese government collecting encrypted internet traffic hoping to decrypt it, with current or future technology.
There are currently a number of different countries and governments which are extremely hostile to Bitcoin and others which aren't sure what to do in terms of banning it or allowing the people to use it. China is a scary one due to their history of not caring what others think and how they severely limit and censor their population. You make an excellent point that anyone with a quantum computer capable of breaking algorithms will probably not do it on a mass scale and will probably make targeted attacks to prevent everyone switching over to a quantum resistant algorithm.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on July 15, 2019, 02:34:04 PM
The water we drink, or the oxygen we breathe is far more rare than energy, and yet we pay each month for power.

Although most countries charge for power they also charge for water and can sometimes be very expensive depending on the country that you live in.

Given the ever-increasing effects of climate change, I think it's likely that access to water will be a huge issue as this century progresses. Wars might even start over it. You look at somewhere like Egypt and wonder what would happen if some of the countries upstream started using or diverting more from the Nile, particularly as they grow in population. You look at China and the effort it puts into acquiring and holding Tibet - which is the source of the biggest Chinese rivers - and you wonder what would happen if India, also growing in population, decides it needs more of that Tibetan water...

I don't think a cheap and efficient solution like nuclear fusion (in theory) will be distributed to the masses. This will probably be something which is exclusive to governments

If commercial fusion power does become possible, then maybe it will be used to resolve the issue of water shortage by providing cheap green power for water desalination plants... These plants already contribute to global warming, and likely will make the problem even worse as they expand in use due to water shortages. So with the way the world is going, if fusion does become possible, I'm not sure governments will be able to hold it back for themselves or even charge excessively for it - as energy demands and resource demands increase, providing access to fusion power may be one of the only ways to avert war.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Saidasun on July 16, 2019, 09:56:02 AM
Bear with me with this reply as I've been working on it for a while and have dropped it and come back to it a few times over the last few days. It's also taken me a while to get this all down. This discussion actually prompted me to log in to the forum after a while because this quality of discussion is a rarity these days on this forum.

What I want to address is the different types of solutions which are currently either being developed or are fully developed and have been deployed elsewhere. First I'll talk about the quantum resistant ledger and why Bitcoin doesn't need this; in fact I prefer the way Bitcoin is dealing with the whole quantum computer threat. Let's be clear and say quantum computers actually already exist and are already being used for multiple different things other than cracking algorithms and encryption. However, just like it's been discussed in this thread, quantum computers are a number of years from becoming good enough to be able to threaten most encryption and certainly Bitcoin's method of encryption. Estimations by large companies within the field have predicted we'll be seeing quantum computers with 2500+ qubits by the year 2025, but like many of you said these will be only just developed and will require a lot of testing and certainly won't be available to the average joe. However, just because the mass population doesn't have access to these superior quantum computers doesn't mean it's still not a threat. Governments which are probably funding these quantum computers are known to be pretty hostile towards Bitcoin and could use this to their advantage along with other things on their agenda. What some altcoins have done is included a quantum resistant ledger right from the get go in order to try and appeal to those that are misinformed. Implementing a quantum resistant ledger is all good when the altcoin it's protecting is only worth a few cents, but imagine implementing an untested and, most importantly, unproven quantum resistant ledger in a multi-million-pound industry like Bitcoin. This is the reason why Bitcoin developers, and us as users of the software, should be encouraging the development of Bitcoin to thoroughly test anything before it's added to the "mainframe".
The quantum resistant ledger I'm talking about has been implemented by a number of different altcoins, but we are still unsure whether they will be ready and scalable without causing too much disruption to the value and to its users. This is why Bitcoin is one of the more respected cryptocurrencies out there, because everything which is implemented is thoroughly tested and isn't just trying to appeal to people with new sparkly features. The quantum resistant ledger for example is a complete waste of time right now and isn't much more than a gimmick. It doesn't provide any more level of security than Bitcoin does, and when quantum computers are able to break the algorithm Bitcoin uses it will then switch to a quantum resistant one, which could in fact be better than the current quantum resistant ledgers we are seeing because it's been tested over a number of years instead of just developed and thrown in there even when it's not needed.

Despite these quantum resistant ledgers being gimmicks currently because they aren't providing any more security than traditional cryptocurrencies, it's at least a good idea to provide proofs of concept to the developers of Bitcoin so they can improve on the existing quantum resistant algorithms. The current quantum resistant solutions out there are mostly using the eXtended Merkle Signature Scheme, a hash-based digital signature system which allows reusable addresses, and this is where I think Bitcoin could implement a less invasive algorithm onto the network. The problem with reusing addresses is once they have broadcast themselves onto the network they are then vulnerable to an attack from a quantum computer because they have exposed their public keys onto the network. This hash would then be susceptible to quantum computers using factoring to break the encryption, and this is where I think the network could be improved without implementing a fully quantum resistant ledger, by only allowing the use of an address once. So you could receive x amount on one address and then the wallet software automatically assigns that to a different address without broadcasting it to the network. I think this is possible and should be the only time an amount isn't broadcast to the network; or only allow addresses to be used once by allowing them to receive coin and send from it once. This would reduce the probability of a quantum computer finding the public key and attempting to crack it. We could actually do this in the current implementation of Bitcoin, but not many people do and they simply reuse addresses even when it's recommended to only use addresses once to avoid privacy issues. However, if this was fully implemented into the network as a standard I think that would solve most of the problems. It's not completely safe but doesn't have a massive impact like implementing an entire new algorithm.
At least for now we all know that Bitcoin will eventually have to adopt a new algorithm to keep up with the hardware being developed but so will many other things in the world.

Secondly, let's talk about factoring and how quantum computers actually do it, because I've seen this mentioned in a few of the replies but none of them have really gone into enough depth to justify mentioning it. So quantum computers are exceptionally fast at a few things and one of them is factoring. Factoring is used to crack conventional cryptography and this will be the route that quantum computers will take if they were to ever break the algorithm of Bitcoin, but just mentioning factoring isn't really explaining how quantum computers are exceptionally good at it. Well, quantum computers are very good at solving the discrete Fourier transform, which in mathematics is converting a finite sequence of equally spaced samples of a function into a sequence of the same length of equally spaced samples of the discrete-time Fourier transform, which is a complex-valued function of frequency. The discrete-time Fourier transform is used to analyze samples of a continuous function. Discrete time is called that because it handles discrete data whose intervals are basically units of time. So using these functions quantum computers factor against the algorithm to find the solution. We have probably studied factoring at one point in our lives, which includes multiplication, however the factoring that quantum computers are doing is on a completely new level to that. Here's an example of a factoring problem:

The following factoring problem
Code:
Given a number $N = pq$ where $p,q$ are primes, how do you recover $p$ and $q$?

would be solved by comparing common factors and using multiplicative groups. There's a great explanation already out there which outlines this problem and provides the sequence of the process to determine the solution: https://quantumcomputing.stackexchange.com/questions/1383/what-makes-quantum-computers-so-good-at-computing-prime-factors

By increasing the amount of qubits a quantum computer has we are effectively making it quicker at solving these problems by using the above mentioned method. This process is a lengthy one using current modern day computers but the idea behind quantum computers is once they have hit 3000 qubits they will be able to break most current day algorithms within a matter of seconds.
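The factoring route described above, carried through as an added example (this is not code from the thread or from the linked Stack Exchange answer). In Shor's algorithm the only step a quantum computer accelerates is finding the period r of a^x mod N, which it gets from a quantum Fourier transform; here `find_period` does that step by brute force so that the classical reduction from a period to the factors p and q can be run and inspected on toy moduli.

```python
"""Classical post-processing of Shor's factoring algorithm on toy moduli.

The quantum computer's job is only the period-finding step. find_period()
below stands in for that quantum Fourier transform step with a brute-force
loop, which is exactly the part that is slow on conventional hardware.
Everything else is the classical part of the algorithm and is unchanged.
"""
from math import gcd
from random import Random


def find_period(a: int, n: int) -> int:
    """Smallest r > 0 with a**r % n == 1 (requires gcd(a, n) == 1).

    Stand-in for the quantum step: a quantum computer obtains r from the
    QFT in polynomially many operations, this loop takes up to r steps.
    """
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def factor_from_period(a: int, r: int, n: int):
    """Turn a period r of a mod n into a non-trivial factor of n, or None.

    If r is even and a**(r/2) is not -1 mod n, then n divides
    (a**(r/2) - 1) * (a**(r/2) + 1) without dividing either bracket,
    so gcd(bracket, n) is a proper divisor. Otherwise this a was unlucky.
    """
    if r % 2:
        return None
    half = pow(a, r // 2, n)
    if half == n - 1:
        return None
    for cand in (gcd(half - 1, n), gcd(half + 1, n)):
        if 1 < cand < n:
            return cand
    return None


def shor_factor(n: int, seed: int = 1, max_tries: int = 50):
    """Recover (p, q) with p * q == n for an odd composite n, or None.

    The seed only fixes which random bases a are tried; any seed yields
    the same factor pair for a valid n, possibly after a few retries.
    """
    if n % 2 == 0:
        return (2, n // 2)
    rng = Random(seed)
    for _ in range(max_tries):
        a = rng.randrange(2, n - 1)
        g = gcd(a, n)
        if g > 1:                      # a already shares a factor with n
            return tuple(sorted((g, n // g)))
        r = find_period(a, n)          # the step a QC would do quickly
        f = factor_from_period(a, r, n)
        if f is not None:
            return tuple(sorted((f, n // f)))
    return None


if __name__ == "__main__":
    print(shor_factor(15))      # (3, 5)
    print(shor_factor(3233))    # (53, 61), the classic textbook RSA toy modulus
```

The brute-force period search is what makes this infeasible for a real 256-bit modulus; that loop, and only that loop, is what the qubit counts discussed in the thread would replace.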


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Macadonian on July 16, 2019, 12:23:15 PM
Given the ever-increasing effects of climate change, I think it's likely that access to water will be a huge issue as this century progresses. Wars might even start over it. You look at somewhere like Egypt and wonder what would happen if some of the countries upstream started using or diverting more from the Nile, particularly as they grow in population. You look at China and the effort it puts into acquiring and holding Tibet - which is the source of the biggest Chinese rivers - and you wonder what would happen if India, also growing in population, decides it needs more of that Tibetan water...

If commercial fusion power does become possible, then maybe it will be used to resolve the issue of water shortage by providing cheap green power for water desalination plants... These plants already contribute to global warming, and likely will make the problem even worse as they expand in use due to water shortages. So with the way the world is going, if fusion does become possible, I'm not sure governments will be able to hold it back for themselves or even charge excessively for it - as energy demands and resource demands increase, providing access to fusion power may be one of the only ways to avert war.
Water is a big problem and what's worrying is most of the water around the world is privately owned, and if a water war were to break out these private companies could be bought out in an attempt to harm the civilians and cause unrest in that country. I might actually start a thread about water consumption and the worries if a war broke out, but at the moment I'll continue discussing the quantum computers as this is possibly some of the best discussion I have participated in relating to it.

Bear with me with this reply as I've been working on it for a while and have dropped it and come back to it a few times over the last few days. It's also taken me a while to get this all down. This discussion actually prompted me to log in to the forum after a while because this quality of discussion is a rarity these days on this forum.
Holy crap! I did not know we had this many people who are knowledgeable in the quantum mechanics field and can discuss quantum computers in such depth. I'll admit that what you have mentioned about factoring and how it's actually done is a little over my head currently as I'm only dipping my toes into quantum computers. My knowledge is limited, but I know what factoring is and I know quantum computers are exceptionally good at it, but the actual specifics of working it out are still gibberish to me. I appreciate the input on the actual solutions and working it out!

The quantum resistant ledger has been running roughly a year and AFAIK has received some excellent praise and a lot of media coverage because of that, although your point about reusing addresses wouldn't be sufficient in my opinion because we are then relying on the chance of the address not being targeted rather than implementing a system which is completely quantum resistant. It is true that the less you reuse an address the less exposure it has on the public ledger and thus the less likely it is to be a target, although this doesn't completely prevent the address from being targeted due to it still being recorded on the ledger once it receives an amount. By implementing a quantum resistant algorithm we at least prevent this sort of attack from happening and there is no risk whatsoever, although I would agree that reusable addresses shouldn't be a thing and you should only be able to use new addresses every time for other privacy issues. But the way it's implemented into the blockchain right now is the user gets to decide what sort of privacy level they are comfortable with, which could possibly be the best approach if we are to stick with the decentralized way of Bitcoin and not limit users of it to specific rules.



Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Saidasun on July 16, 2019, 01:34:47 PM
The quantum resistant ledger has been running roughly a year and AFAIK has received some excellent praise and a lot of media coverage because of that, although your point about reusing addresses wouldn't be sufficient in my opinion because we are then relying on the chance of the address not being targeted rather than implementing a system which is completely quantum resistant. It is true that the less you reuse an address the less exposure it has on the public ledger and thus the less likely it is to be a target, although this doesn't completely prevent the address from being targeted due to it still being recorded on the ledger once it receives an amount. By implementing a quantum resistant algorithm we at least prevent this sort of attack from happening and there is no risk whatsoever, although I would agree that reusable addresses shouldn't be a thing and you should only be able to use new addresses every time for other privacy issues. But the way it's implemented into the blockchain right now is the user gets to decide what sort of privacy level they are comfortable with, which could possibly be the best approach if we are to stick with the decentralized way of Bitcoin and not limit users of it to specific rules.


The quantum resistant ledger (QRL) is only an example and there are many other projects which are doing different things with the end goal being the same: protecting the ledger from quantum computers. I disagree and think that being able to reuse an address is a security and privacy issue in its own right and has nothing to do with the freedom of the users to reuse the address. By allowing them to reuse addresses we are allowing them the opportunity to be stung, but I'm always going to support projects which allow more privacy and can combat cash in that sense; but I'm going away from the original point. Implementing a different algorithm might not be necessary until the very late stages of quantum computers, and that would allow us to thoroughly test each algorithm while quantum computers are out, potentially even using quantum computers to find out the answers to our questions about how well it scales. The biggest concern with the QRL is that scalability might be a big issue and there is no way to really test that. We have the theory of it working and being able to scale up, however as we all know more solid theories in the past have been proven wrong. My point is that we could be implementing something which might not even protect us against our issues and then we would have to implement another system anyway, which each time is going to affect the adoption and short term value of the currency. The only real benefit of doing it several times over in a short period of time would be media coverage; other than that this would affect the daily users of Bitcoin and would be largely not beneficial to the system as a whole.
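A check in the spirit of the address-reuse point made in Saidasun's two posts above: a pay-to-pubkey-hash address only shows its hash when it receives, and reveals its full public key the first time it spends, so the coins that still sit on an address after it has spent are the ones whose key an attacker with a working QC could work from. This is an added example, not code from the thread or from any wallet software; the transaction history and the address labels "A" to "D" are constructed, and amounts are tracked per address rather than per UTXO to keep it short.

```python
"""Report which funded addresses in a wallet history have already revealed
their public key on chain (added example with a constructed history)."""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Tx:
    """Simplified transaction: inputs are the addresses that sign (and so
    reveal their public key in the scriptSig), outputs are the addresses paid."""
    txid: str
    inputs: list = field(default_factory=list)    # (address, amount) pairs
    outputs: list = field(default_factory=list)   # (address, amount) pairs


def exposure_report(history):
    """Classify every address still holding funds by key exposure.

    For pay-to-pubkey-hash outputs the chain carries only hash(pubkey)
    until the address spends; the spend reveals the key. A key-recovery
    attack on ECDSA needs the key, not the hash, so coins left on an
    address that has spent are the exposed ones. (Early pay-to-pubkey
    outputs expose the key on receipt and are not modelled here.)
    """
    balance = defaultdict(int)      # address -> net funds held
    pubkey_exposed = set()          # addresses that have ever signed a spend
    received_count = defaultdict(int)
    for tx in history:
        for addr, amount in tx.inputs:
            balance[addr] -= amount
            pubkey_exposed.add(addr)
        for addr, amount in tx.outputs:
            balance[addr] += amount
            received_count[addr] += 1
    funded = {a: v for a, v in balance.items() if v > 0}
    return {
        # received more than once: the reuse pattern single-use addresses avoid
        "reused": {a for a, c in received_count.items() if c > 1},
        # still funded and key already on chain: what the thread worries about
        "key_exposed_with_balance": {a: v for a, v in funded.items() if a in pubkey_exposed},
        # still funded, only the hash is public so far
        "hash_only": {a: v for a, v in funded.items() if a not in pubkey_exposed},
    }


# Constructed sample history; "A".."D" are labels, not real addresses.
SAMPLE_HISTORY = [
    Tx("t1", outputs=[("A", 5)]),                                # A receives 5
    Tx("t2", inputs=[("A", 5)], outputs=[("B", 3), ("A", 2)]),   # A spends; change sent back to A
    Tx("t3", outputs=[("A", 1), ("C", 4)]),                      # A reused as a receive address
    Tx("t4", inputs=[("C", 4)], outputs=[("D", 4)]),             # C spends everything it held
]


if __name__ == "__main__":
    for label, value in exposure_report(SAMPLE_HISTORY).items():
        print(f"{label}: {value}")
```

In the sample, A is the case both posts argue about: it spent in t2 (key revealed) yet still holds 3, because change and a later payment went back to it; a wallet that sent change to a fresh address would leave A empty.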


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on July 17, 2019, 08:10:09 PM
A lot of the discussion around post-quantum cryptography and how to protect against attacks from quantum computers is more 'how can we use conventional computers to protect against quantum attack', rather than 'how can we use quantum computers to protect against quantum attack.'

In this thread we have covered how quantum computers are superior to conventional computers only in certain ways and for certain types of problem, where they can use their quantum nature to effectively take calculation shortcuts. It has also been discussed how quantum computers might be bolted onto conventional computers in a manner similar to GPUs. But this can be done as defence as well as attack.

I am a long way from being an expert, but from my limited understanding of the basics of quantum mechanics I think that one possibly fruitful avenue to pursue is using quantum properties as a pre-emptive defence mechanism. There has already been a lot of work in this area, particularly in Quantum Key Distribution, which uses quantum indeterminacy to ensure that any act of measurement (eavesdropping) is always detected. As with any other 'arms race' type situation where you have two opposing sides competing against one another, there have been many attempts to circumvent and hack quantum cryptographic processes. Whilst these have sometimes been successful, this success is often down to exploiting vulnerabilities in the set-up rather than in the quantum processes themselves. I do wonder as the technology to both defend and attack improves, whether it will reach a point where there is a final barrier in that the laws of quantum mechanics, whether the uncertainty principle or quantum entanglement or some other facet, creates a system that is fundamentally impossible to hack.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on July 18, 2019, 06:42:27 PM
We've mentioned a few times how quickly this field is advancing... yesterday a team at the University of New South Wales announced they have achieved a 200x speed improvement on a 2 qubit gate! (https://www.sciencealert.com/quantum-scientists-have-built-the-first-silicon-two-qubit-gate-between-atom-qubits)

Video: https://www.youtube.com/watch?v=BcsdCMix1ns (thumbnail: https://i.imgur.com/5JhQze4.png)


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: PrimeNumber7 on July 21, 2019, 07:59:24 PM
However just because the mass population doesn't have access to these superior quantum computers doesn't mean it's still not a threat. Governments which are probably funding these quantum computers are known to be pretty hostile towards Bitcoin and could use this to their advantage along with other things on their agenda.
I posted why I don't think this will happen above (https://bitcointalk.org/index.php?topic=5157696.msg51770848#msg51770848). In short, governments have bigger fish to fry than 'destroying' bitcoin. If a government were to use a QC to steal a bunch of bitcoins, it would serve as a warning to the rest of the world to upgrade their encryption to algorithms that are quantum resistant. If a country were to have the ability to break ECDSA but doesn't attack bitcoin, it could silently collect/intercept encrypted data/secrets, and learn the secrets being protected by the now broken encryption.


The problem with reusing addresses is once they have broadcast themselves onto the network they are then vulnerable to an attack from a quantum computer because they have exposed their public keys onto the network. This hash would then be susceptible to quantum computers by using factoring to break the encryption and this is where I think the network could be improved without implementing a fully quantum resistant ledger by only allowing the use of an address once.
If you were to operate under the assumption that QCs will be used to attack bitcoin, what you describe will only be a temporary solution. Once QCs have enough qubits to calculate the private key within ~an hour, it will be unsafe to spend any coin. The reason is, it is common enough to see hour to 1.5 hour long blocks (the time between blocks) so that someone with a QC could start trying to break the private key of an address 'containing' a lot of coin that was spent within a few minutes from the time the last block was found, and double spend the transaction with a much larger fee once the private key is calculated. The attacker would be unsuccessful when the block time is less than an hour, however a bitcoin user has no way of knowing the time until the next block will be found, so every transaction will be at risk.
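The race PrimeNumber7 describes above can be put in numbers. What follows is an added example, not code from this thread or from any Bitcoin implementation. It assumes the usual model of block arrivals as a Poisson process with a 600 s mean interval, and assumes the attacker starts recovering the key the moment the victim's transaction is broadcast and, once the key is known, gets a conflicting higher-fee spend mined ahead of the original; the key-recovery times in the table are hypothetical inputs, not estimates of any real machine.

```python
import math
import random

MEAN_BLOCK_SECONDS = 600.0   # Bitcoin's target block interval


def p_attacker_wins(key_recovery_seconds, mean_block_seconds=MEAN_BLOCK_SECONDS):
    """Probability that the next block arrives *after* the attacker has the key.
    With Poisson block arrivals the interval is exponential and memoryless, so
    this is exp(-t / mean) no matter when the victim broadcast relative to the
    last block."""
    return math.exp(-key_recovery_seconds / mean_block_seconds)


def p_block_interval_exceeds(seconds, mean_block_seconds=MEAN_BLOCK_SECONDS):
    """Fraction of block intervals longer than `seconds` (3600 for the
    'hour-long block' case); the same expression read from the defender's side."""
    return math.exp(-seconds / mean_block_seconds)


def simulate_race(key_recovery_seconds, trials=100_000, seed=1,
                  mean_block_seconds=MEAN_BLOCK_SECONDS):
    """Monte Carlo cross-check: per trial, draw the time to the next block and
    count how often the attacker's key recovery finishes first."""
    rng = random.Random(seed)
    wins = sum(key_recovery_seconds < rng.expovariate(1.0 / mean_block_seconds)
               for _ in range(trials))
    return wins / trials


def risk_table(recovery_times=(60, 600, 1800, 3600, 7200)):
    """Map hypothetical key-recovery time -> fraction of unconfirmed spends lost."""
    return {t: p_attacker_wins(t) for t in recovery_times}


if __name__ == "__main__":
    for t, p in risk_table().items():
        print(f"key recovered in {t:5d} s: attacker beats the next block {100 * p:6.2f}% of the time")
    print(f"block intervals over 1 h: {100 * p_block_interval_exceeds(3600):.2f}%")
    print(f"simulated, 3600 s recovery: {100 * simulate_race(3600):.2f}%")
```

Read the output as a curve rather than a threshold: a recovery time equal to the mean interval already loses about 37% of unconfirmed spends, while an attacker who needs a full hour still catches roughly one spend in 400, which is exactly the long-interval tail the post points to.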


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on July 22, 2019, 05:38:02 PM
However just because the mass population doesn't have access to these superior quantum computers doesn't mean it's still not a threat. Governments which are probably funding these quantum computers are known to be pretty hostile towards Bitcoin and could use this to their advantage along with other things on their agenda.
I posted why I don't think this will happen above (https://bitcointalk.org/index.php?topic=5157696.msg51770848#msg51770848). In short, governments have bigger fish to fry than 'destroying' bitcoin.

I agree completely. If someone develops a quantum computer that can break existing encryption with ease, then there are much bigger targets than bitcoin. As mentioned by PrimeNumber7 above, if it becomes public knowledge that someone has hacked bitcoin and stolen say $1 million of coins, then crypto will take a nosedive and that $1 million will fall in value very very rapidly. If they steal $1 billion, then I'd be very surprised if they could cash it out to fiat before it lost most of its value.

We all know how volatile crypto prices can be, with even the merest suggestion of a rumour of bad news often enough to cause the whole market to tank. Something like a quantum hack would have a huge impact. If this hypothetical malicious actor with a quantum computer wants to make a huge amount of money, they could go after banks instead - that would be much more lucrative and probably easier. And if it's a government doing the hacking, then again it would be much more advantageous for them to hack a rival government (US vs China for example). They could wreak havoc, with infrastructure a likely target, but in theory any state secrets or corporate data would be vulnerable.

Finally we must also remember that one of the best things about crypto is that good coins are under continuous development, and defences against quantum attack will likely be in place long before it becomes a real risk. These coins are developed by some very smart and very tech-savvy people. If quantum computing becomes a threat, it won't take these people by surprise.

As I've mentioned before, I think that whilst a lot of work has gone into building quantum-resistant systems using classical computers, one of the best avenues of investigation is defence using quantum computers. There has been plenty of research into various methods of Quantum Key Distribution (https://en.wikipedia.org/wiki/Quantum_key_distribution), and this research continues with approaches such as Kak’s three-stage protocol (https://en.wikipedia.org/wiki/Three-stage_quantum_cryptography_protocol). Perhaps this will be quantum-attack-proof, or perhaps not. But the key here is that defence is actually moving faster than attack.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Saidasun on July 23, 2019, 10:17:38 AM
I agree completely. If someone develops a quantum computer that can break existing encryption with ease, then there are much bigger targets than bitcoin. As mentioned by PrimeNumber7 above, if it becomes public knowledge that someone has hacked bitcoin and stolen say $1 million of coins, then crypto will take a nosedive and that $1 million will fall in value very very rapidly. If they steal $1 billion, then I'd be very surprised if they could cash it out to fiat before it lost most of its value.

We all know how volatile crypto prices can be, with even the merest suggestion of a rumour of bad news often enough to cause the whole market to tank. Something like a quantum hack would have a huge impact. If this hypothetical malicious actor with a quantum computer wants to make a huge amount of money, they could go after banks instead - that would be much more lucrative and probably easier. And if it's a government doing the hacking, then again it would be much more advantageous for them to hack a rival government (US vs China for example). They could wreak havoc, with infrastructure a likely target, but in theory any state secrets or corporate data would be vulnerable.

Finally we must also remember that one of the best things about crypto is that good coins are under continuous development, and defences against quantum attack will likely be in place long before it becomes a real risk. These coins are developed by some very smart and very tech-savvy people. If quantum computing becomes a threat, it won't take these people by surprise.

As I've mentioned before, I think that whilst a lot of work has gone into building quantum-resistant systems using classical computers, one of the best avenues of investigation is defence using quantum computers. There has been plenty of research into various methods of Quantum Key Distribution (https://en.wikipedia.org/wiki/Quantum_key_distribution), and this research continues with approaches such as Kak’s three-stage protocol (https://en.wikipedia.org/wiki/Three-stage_quantum_cryptography_protocol). Perhaps this will be quantum-attack-proof, or perhaps not. But the key here is that defence is actually moving faster than attack.
I get the point that you and PrimeNumber7 are putting across, although let's not forget that Bitcoin has already had some very serious bugs in the past which involved basically printing off Bitcoin. This was a big thing at the time and luckily wasn't abused. You would think such negative press would have destroyed Bitcoin, but it didn't. If money was stolen then Bitcoin would take a dive, but I wouldn't say it would be the end of Bitcoin. Cash is stolen every day and fiat currencies get printed fairly regularly, but that doesn't stop people using them. Bitcoin has its strengths and, god forbid, we will probably have incidents such as the earlier issue with printing off Bitcoin. I use printing off as a comparison, but really you could double spend coins and keep them and therefore create Bitcoins out of thin air.

The hypothetical person with a quantum computer able to break traditional encryption would probably not go after banks, for multiple reasons. First of all, banks would have definitely already switched to a quantum resistant encryption method, and also the person who has access to the quantum computer will probably not be an ordinary person. They will be involved with the government or one of the wealthy elite in the world. Think Facebook's CEO: while he may not agree with banks, him attacking a bank means prison. Whereas attacking Bitcoin is a little different; laws are different and because you aren't attacking a centralized figure it is handled differently. Also we need to remember that the likes of Facebook's CEO would be in competition with Bitcoin as he is now releasing his own cryptocurrency. We do have enemies, even more than the banks out there, and unfortunately they are powerful enemies with seemingly unlimited funds.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Macadonian on July 25, 2019, 10:49:51 AM
The hypothetical person with a quantum computer able to break traditional encryption would probably not go after banks, for multiple reasons. First of all, banks would have definitely already switched to a quantum resistant encryption method, and also the person who has access to the quantum computer will probably not be an ordinary person. They will be involved with the government or one of the wealthy elite in the world. Think Facebook's CEO: while he may not agree with banks, him attacking a bank means prison. Whereas attacking Bitcoin is a little different; laws are different and because you aren't attacking a centralized figure it is handled differently. Also we need to remember that the likes of Facebook's CEO would be in competition with Bitcoin as he is now releasing his own cryptocurrency. We do have enemies, even more than the banks out there, and unfortunately they are powerful enemies with seemingly unlimited funds.
I definitely agree with you that there will only be a few wealthy individuals that will have access to quantum computers, and although I think it's a good example that Mark Z would be a competitor against Bitcoin, I think it's fairly unrealistic in reality. Mark already has the marketing power and exposure that he needs for Libra, and Bitcoin really isn't competing against him in that way. The only similarity they share is that it's a digital currency, but as far as I know Libra isn't generated using encryption techniques and therefore can't be considered a cryptocurrency. Besides, even if Bitcoin was a competitor, I think the platform both Facebook and Instagram give him will knock spots off Bitcoin's marketing techniques, and he probably wouldn't have to invest as much into it compared to a quantum computer. I doubt he would have any other tasks to be completed with a quantum computer.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: hd49728 on July 30, 2019, 12:18:42 PM
All mechanisms are made by humans; Bitcoin is made by humans, quantum computers are made by humans. Humans can make, so humans can destroy, adjust and improve to make things stronger. If someday quantum computers become really dangerous to Bitcoin, then Bitcoin Core developers will find ways to improve the Bitcoin source code and strengthen the protective mechanisms of the Bitcoin network against potential attacks from quantum computers.
Governments: I don't think we should over-worry about governments. The history of Bitcoin and cryptocurrencies shows that Bitcoin was made by a man/woman, foundation/company, whatever, but it was definitely not made by government(s). My implication is that governments are always falling farther behind Bitcoin Core developers and crypto developers. They just want to use their power, legal power, to control the cryptocurrency world, but they will not completely reach their purposes. Additionally, governments are greedy to learn blockchain technology from @Satoshi Nakamoto, Bitcoin Core developers, and other crypto developers.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on August 01, 2019, 08:47:38 AM
Hi all  :) I thought I’d try to summarise Bitcoin's vulnerabilities to Quantum Computers, as well as some potential defences, and get it all in one post. Apologies for the wall of text, but hopefully it is useful...


Mining can potentially be much quicker with QCs.
The current PoW difficulty system can be exploited by a Quantum Computer using Grover’s algorithm (https://en.wikipedia.org/wiki/Grover%27s_algorithm) to drastically reduce the number of computational steps required to solve the problem. The theorised advantage that a quantum computer (or parallelised QCs) have over classical computers is a couple of orders of magnitude, so ~x100 easier to mine. This isn’t necessarily a game-changer, as this QC speed advantage is likely to be some years away, by which time classical computers will surely have increased speed to reduce the QC advantage significantly. It is worth remembering that QCs aren’t going up against run-of-the-mill standard equipment here, but rather against the very fast ASICs that have been set up specifically for mining.

Re-used BTC addresses are 100% vulnerable to QCs.
Address Re-Use. Simply, any address that is re-used is 100% vulnerable because a QC can use Shor’s algorithm (https://en.wikipedia.org/wiki/Shor%27s_algorithm) to break public-key cryptography. This is a quantum algorithm designed specifically to solve for prime factors. As with Grover’s algorithm, the key is in dramatically reducing the number of computational steps required to solve the problem. The upshot is that for any known public key, a QC can use Shor’s approach to derive the private key. The vulnerability cannot be overstated here. Any re-used address is utterly insecure.

Processed (accepted) transactions are theoretically somewhat vulnerable to QCs.
Theoretically possible because the QC can derive private keys from used addresses. In practice however processed transactions are likely to be quite secure as QCs would need to out-hash the network to double spend.

Unprocessed (pending) transactions are extremely vulnerable to QCs.
As above, a QC can derive a private key from a public key. So for any unprocessed transaction, a QC attacker can obtain the private key and then create their own transaction whilst offering a much higher fee, so that the attacker’s transaction gets onto the blockchain first, ahead of the genuine transaction. So block interval and QC speed are both crucial here – it all depends on whether or not a QC can hack the key more quickly than the block is processed.


Possible defences...

Defences using classical computers.
  • Modify the PoW system such that QCs don’t have any advantage over classical computers. Defending PoW is not as important as defending signatures (as above), because PoW is less vulnerable. However various approaches that can protect PoW against QCs are under development, such as Cuckoo Cycle (https://hackernoon.com/wtf-is-cuckoo-cycle-pow-algorithm-that-attract-projects-like-cortex-and-grin-ad1ff96effa9), Momentum (http://www.hashcash.org/papers/momentum.pdf) and Equihash (https://en.wikipedia.org/wiki/Equihash).
  • Modify the signature system to prevent easy derivation of private keys. Again, various approaches are under development, which use some pretty esoteric maths. There are hash-based approaches such as XMSS and SPHINCS (https://cryptoservices.github.io/quantum/2015/12/08/XMSS-and-SPHINCS.html), but more promising (as far as I can tell) are the lattice-based (https://en.wikipedia.org/wiki/Lattice-based_cryptography) approaches such as Dilithium (https://pq-crystals.org/dilithium/), which I think is already used by Komodo.

Defences using quantum computers.
As I’ve said a few times, I’m more of a bumbling enthusiast than an expert, but exploiting quantum properties to defend against QC attack seems to me a very good idea. In theory properties such as entanglement (https://en.wikipedia.org/wiki/Quantum_entanglement) and the uncertainty principle (https://en.wikipedia.org/wiki/Uncertainty_principle) can offer an unbreakable defence. Again, people are busy researching this area. There are some quite astonishing ideas out there, such as this one (https://phys.org/news/2018-04-quantum-blockchain-blockchains-future.html).


I’ll leave it there. Apologies for all the external links, but hopefully this has summarised a few things.
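To make the "re-used addresses" item above, and the earlier exchange between Macadonian and PrimeNumber7 about exposed public keys, concrete: a P2PKH output commits only to HASH160(pubkey), and the key itself is published in the scriptSig of the first transaction that spends from the address. From that spend on, everything a Shor-style attacker would need is on the chain, and anything later sent to the same address sits behind an already-published key. The script below is an added example written for this page, not code from the thread or from Bitcoin Core. secp256k1 arithmetic and base58check are written out so it runs offline; the private key (1), the placeholder "signature" bytes and the scriptSig are constructed for the demonstration only. Some OpenSSL 3.0.x builds lack RIPEMD-160 in the default provider, so the address step is guarded.

```python
import hashlib

# secp256k1 parameters: field prime, group order, generator
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def scalar_mult(k, point=G):
    """Double-and-add k*point: cheap forwards, and the step Shor's algorithm inverts."""
    result, addend = None, point
    while k:
        if k & 1:
            result = _add(result, addend)
        addend = _add(addend, addend)
        k >>= 1
    return result

def compressed_pubkey(priv):
    x, y = scalar_mult(priv % N)
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")

def ripemd160_available():
    try:
        hashlib.new("ripemd160")
        return True
    except ValueError:  # RIPEMD-160 only in OpenSSL's legacy provider on some builds
        return False

def hash160(data):
    return hashlib.new("ripemd160", hashlib.sha256(data).digest()).digest()

def base58check(payload):
    body = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    num, out = int.from_bytes(body, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    return "1" * (len(body) - len(body.lstrip(b"\x00"))) + out

def p2pkh_address(pubkey):
    """What the funding output reveals: a 20-byte hash of the key, not the key."""
    return base58check(b"\x00" + hash160(pubkey))

def pushes(script):
    """Split a script made only of direct pushes (1..75 bytes) into its items."""
    items, i = [], 0
    while i < len(script):
        n = script[i]
        if not 1 <= n <= 75:
            raise ValueError("not a simple push-only script")
        items.append(script[i + 1:i + 1 + n])
        i += 1 + n
    return items

def pubkey_from_scriptsig(script_sig):
    """A P2PKH scriptSig is <signature> <pubkey>: the spend publishes the key."""
    pk = pushes(script_sig)[-1]
    if (len(pk) == 33 and pk[0] in (2, 3)) or (len(pk) == 65 and pk[0] == 4):
        return pk
    raise ValueError("last push is not an encoded public key")

if __name__ == "__main__":
    pk = compressed_pubkey(1)                                   # toy key, constructed
    sig_placeholder = b"\x30\x06\x02\x01\x01\x02\x01\x01\x01"   # stands in for a DER signature
    script_sig = bytes([len(sig_placeholder)]) + sig_placeholder + bytes([len(pk)]) + pk
    print("public key (hidden until the first spend):", pk.hex())
    if ripemd160_available():
        print("address in the funding output          :", p2pkh_address(pk))
    print("key read back from the spend's scriptSig  :", pubkey_from_scriptsig(script_sig).hex())
```

The practical check this suggests for a wallet or a custodian: treat any address whose key has appeared in a scriptSig as "exposed", and never route new deposits to it. Before the first spend the only thing on the chain is the hash, and Shor's algorithm gives no shortcut for inverting SHA-256 and RIPEMD-160.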


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Macadonian on August 01, 2019, 01:14:46 PM
Thanks cnut237! I was thinking of summarising the thread and what we have discussed in the reserve post I made but I decided to just include useful quotes and links which I would like to hear more about and more differing opinions on if possible. I have moved this to Bitcoin development & technical discussion hopefully finding a few new people who can expand on the on going discussion and hopefully provide new useful information.

Defences using quantum computers.
As I’ve said a few times, I’m more of a bumbling enthusiast than an expert, but exploiting quantum properties to defend against QC attack seems to me a very good idea. In theory properties such as entanglement (https://en.wikipedia.org/wiki/Quantum_entanglement) and the uncertainty principle (https://en.wikipedia.org/wiki/Uncertainty_principle) can offer an unbreakable defence. Again, people are busy researching this area. There are some quite astonishing ideas out there, such as this one (https://phys.org/news/2018-04-quantum-blockchain-blockchains-future.html).

I have done some research in this particular field of quantum physics myself and had come across Rajan and Matt Visser's proposed idea of implementing a blockchain which relied on transaction records being represented by pairs of entangled photons which would be ordered in a chronological way. Their idea is very smart, and preventing quantum computers from using data in the blockchain by removing previous photons is a very unique solution to the problem. However I am a little concerned that this complex blockchain would be too hard for the public to grasp and usability could be compromised. The most important thing with Bitcoin is getting people trusting the software and investing in it; with a solution as complex as this you would need a quantum computing degree to even grasp it, which could result in the loss of faith from the public due to the complexity of the blockchain. Currently the blockchain is fairly easy to understand and can be explained in a concise manner, but with an entangled-photon based blockchain this would be lost.

This is one of my major concerns about Bitcoin being adopted by the masses. Its not the potential security risks because they will be combated with various different techniques. Its the problem of making Bitcoin too hard to understand and therefore losing the trust of the general user.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: qubitasic on August 01, 2019, 02:46:36 PM
We will have a quantum secure network. That is not an issue, but the 'shalecoins', coins with no owner, will become active. https://bitcointalk.org/index.php?topic=5134441.0

And that will be the most challenging thing. https://bitcointalk.org/index.php?topic=5166180.0


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: mda on August 01, 2019, 11:30:37 PM
A possible approach to deal with quantum threat would be a multi-tier encryption system. For small amounts (90% of the total) don't change anything, for medium amounts (9% of the total) use weaker and lighter Lamport signatures and for the rest use stronger and heavier Lamport signatures.

https://en.bitcoin.it/wiki/Quantum_computing_and_Bitcoin
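The signatures mda proposes, and the hash-based family (XMSS, SPHINCS) in Cnut237's summary, all start from the Lamport one-time signature. The following is an added example for this page, not code from the thread, the wiki page or any of those projects. It signs the leading `bits` bits of SHA-256(message) by revealing one of two preimages per bit, so security rests only on preimage resistance, which Grover's algorithm halves in bit terms and Shor's algorithm does not touch at all. The `bits` parameter is my way of showing the "lighter versus heavier" size trade-off; the second half demonstrates why "one-time" is not optional, by reusing a key and forging from the leaked preimages. The demo keys are seeded for reproducibility; `keygen()` defaults to the `secrets` module for real use.

```python
import hashlib
import random
import secrets

def H(data):
    return hashlib.sha256(data).digest()

def keygen(bits=256, rand=secrets.token_bytes):
    """Private key: two 32-byte secrets per message bit; public key: their hashes."""
    sk = [(rand(32), rand(32)) for _ in range(bits)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def msg_bits(msg, bits):
    """The `bits` leading bits of SHA-256(msg), most significant first."""
    digest = int.from_bytes(H(msg), "big") >> (256 - bits)
    return [(digest >> (bits - 1 - i)) & 1 for i in range(bits)]

def sign(sk, msg):
    """Reveal, for each digest bit, the secret matching that bit's value.
    A real signer must destroy sk afterwards; the demo deliberately does not."""
    return [sk[i][b] for i, b in enumerate(msg_bits(msg, len(sk)))]

def verify(pk, msg, sig):
    bits = len(pk)
    if len(sig) != bits:
        return False
    return all(H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, msg_bits(msg, bits))))

def sizes(bits=256):
    """Bytes on the wire: a 256-bit instance is 16 KiB of public key and 8 KiB per
    signature, against 33 + ~72 bytes for a compressed ECDSA key and DER signature."""
    return {"pubkey_bytes": 2 * bits * 32, "sig_bytes": bits * 32}

def leaked_secrets(pk, signed):
    """Collect every preimage revealed across (msg, sig) pairs made under one key."""
    known = [dict() for _ in pk]
    for msg, sig in signed:
        for i, b in enumerate(msg_bits(msg, len(pk))):
            known[i][b] = sig[i]
    return known

def forge_after_reuse(pk, signed, attempts=100_000):
    """Key-reuse attack: search for a fresh message whose digest bits are all
    covered by leaked secrets, and sign it without ever holding the private key."""
    known = leaked_secrets(pk, signed)
    used = {m for m, _ in signed}
    for n in range(attempts):
        target = b"forged-%d" % n
        if target in used:
            continue
        bits = msg_bits(target, len(pk))
        if all(b in known[i] for i, b in enumerate(bits)):
            return target, [known[i][b] for i, b in enumerate(bits)]
    return None

def demo(bits=16, seed=7):
    """Small deterministic instance: a genuine signature verifies, a tampered
    message fails, and after three signatures under one key a forgery succeeds."""
    r = random.Random(seed)   # seeded only so the demo is reproducible
    sk, pk = keygen(bits, rand=lambda n: r.getrandbits(8 * n).to_bytes(n, "big"))
    msgs = [b"pay 1 BTC to A", b"pay 2 BTC to B", b"pay 3 BTC to C"]
    signed = [(m, sign(sk, m)) for m in msgs]
    genuine_ok = verify(pk, msgs[0], signed[0][1])
    tampered_ok = verify(pk, b"pay 9 BTC to A", signed[0][1])
    forged = forge_after_reuse(pk, signed)
    forged_ok = forged is not None and forged[0] not in msgs and verify(pk, *forged)
    return genuine_ok, tampered_ok, forged_ok

if __name__ == "__main__":
    print(sizes())
    print(demo())   # (True, False, True)
```

Two things to take from it. First, the size line is the cost mda's tiers are trading against: 8 KiB per signature is why the 256-bit instance is the "heavier" option and why XMSS and SPHINCS exist at all (they add Merkle trees and Winternitz chaining to get many signatures per key and smaller ones). Second, the forgery shows that with a one-time scheme the "never reuse an address" rule stops being advice and becomes a hard protocol requirement, since a second signature leaks roughly half of the remaining secrets.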


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: cfbtcman on August 02, 2019, 05:31:05 AM
All mechanisms are made by humans; Bitcoin is made by humans, quantum computers are made by humans. Humans can make, so humans can destroy, adjust and improve to make things stronger. If someday quantum computers become really dangerous to Bitcoin, then Bitcoin Core developers will find ways to improve the Bitcoin source code and strengthen the protective mechanisms of the Bitcoin network against potential attacks from quantum computers.
Governments: I don't think we should over-worry about governments. The history of Bitcoin and cryptocurrencies shows that Bitcoin was made by a man/woman, foundation/company, whatever, but it was definitely not made by government(s). My implication is that governments are always falling farther behind Bitcoin Core developers and crypto developers. They just want to use their power, legal power, to control the cryptocurrency world, but they will not completely reach their purposes. Additionally, governments are greedy to learn blockchain technology from @Satoshi Nakamoto, Bitcoin Core developers, and other crypto developers.

Looking at the time that man takes to answer many times, I would not be so positive; we never know what is being made secretly, like USA Area 51 and so on...

The biggest project to crack cryptography in WW2, ENIGMA, was something never thought of by the Germans, but ENIGMA was cracked.

Looking at the way Bitcoin works now and who makes decisions, I would say maybe we are in danger; just look at the time we started to talk about scaling and the time it really scaled (not yet).

Cracking Bitcoin could be a good project for all governments to prove they are right about Bitcoin not being a good thing, and governments have a lot of resources!


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: crwth on August 16, 2019, 03:11:27 AM
This topic has got me thinking.

We all know that Quantum Computing could significantly improve the power of computers. Imagine that you are using this technology to have multiple nodes/computers. Then having those various computers, maybe roughly the amount of "enough users", accept new software that probably has a coded bug or an exploit. Would we ever arrive at the point where Bitcoin has already evolved into the right software that could prevent this type of attack? Could Bitcoin also recover? I think if this is successful, more trust would be broken, not just with Bitcoin but with cryptocurrencies in general. It is known that there are a lot of people who don't understand this type of subject matter.

Anyway, why believe that Quantum Computing will end Bitcoin? Why not help it?


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: cfbtcman on August 17, 2019, 02:19:34 AM
This topic has got me thinking.

We all know that Quantum Computing could significantly improve the power of computers. Imagine that you are using this technology to have multiple nodes/computers. Then having those various computers, maybe roughly the amount of "enough users", accept new software that probably has a coded bug or an exploit. Would we ever arrive at the point where Bitcoin has already evolved into the right software that could prevent this type of attack? Could Bitcoin also recover? I think if this is successful, more trust would be broken, not just with Bitcoin but with cryptocurrencies in general. It is known that there are a lot of people who don't understand this type of subject matter.

Anyway, why believe that Quantum Computing will end Bitcoin? Why not help it?

Bitcoin can answer a crack; that was done before with a rollback, but such an attack would be bad for business and could be complete CHAOS for a while.

Hope the guys in command know what they are doing; IOTA for example was launched as anti-quantum attack, hope Bitcoin improves in time.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: aplistir on August 17, 2019, 04:31:30 PM

Bitcoin can answer a crack; that was done before with a rollback, but such an attack would be bad for business and could be complete CHAOS for a while.

With the amount of transactions Bitcoin currently has, >300k/day, a rollback is almost impossible. Planning a rollback and getting everyone to agree with it would take some time, and what would you do with the >300-2000k transactions that were confirmed before the rollback?
There is a lot of money moving in Bitcoin. How can anyone justify cancelling that many transactions?
Imagine: you sell your car for bitcoins, wait for it to confirm, hand over your car and then the next day you don't have your coins anymore  >:(
What would that do to the reputation of Bitcoin?

Maybe, if there were a HUGE theft that was noticed immediately, but that would have to be REALLY huge. I can't imagine such a thing happening anymore.
When a rollback was done, Bitcoin was a lot smaller and there weren't as many transactions then. And the bug would have destroyed Bitcoin if it had not been fixed. (Someone created ridiculous amounts of new bitcoins from nothing. If I remember correctly he created hundreds of millions of bitcoins...  ??? so something had to be done.)



Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: crwth on August 20, 2019, 05:04:25 AM
Bitcoin can answer a crack; that was done before with a rollback, but such an attack would be bad for business and could be complete CHAOS for a while.
It's not a crack that I'm talking about; it's physically tricking the network or something like that. I doubt that it's going to work, but in theory it sounds plausible. That's why I suggested, instead of using quantum computers to make normal computers and hashes obsolete, why not make them more powerful using that technology? It's far ahead into the future, but it's better than destroying things.



With the amount of transactions Bitcoin currently has, >300k/day, a rollback is almost impossible. Planning a rollback and getting everyone to agree with it would take some time, and what would you do with the >300-2000k transactions that were confirmed before the rollback?
That's the thing, you can't. Maybe if we are talking about theories, certainly we can, but it's all a theory unless you have enough power to hack everything, and then Bitcoin would turn inside out and all those things that you sold for BTC wouldn't be worth it anymore. That's only true if it happens, which is impossible to do.

Maybe, if there were a HUGE theft that was noticed immediately, but that would have to be REALLY huge. I can't imagine such a thing happening anymore.
We will never know unless something happens unexpectedly; knowing the will of other people just to destroy other people's hard work, it's just the reality nowadays. What we need to worry about is what hackers do with their knowledge.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: j2002ba2 on August 23, 2019, 03:38:23 PM
We all know that Quantum Computing could significantly improve the power of computers.
QC could not improve computing power.

Classical computing will always be cheaper and faster than QC.

It is very simple physics, noise ruins all and every extrapolated prediction of QC efficiency.

IMO, quantum physics is not the reality, but rather a set of very useful statistical tools.

Due to the imaginary nature of quantum physics, people easily get confused.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: crwth on August 24, 2019, 10:52:56 AM
Due to the imaginary nature of quantum physics, people easily get confused.
And using that imagination, computers were invented. Imagine living in the 1800s; they probably imagined how they were going to talk to other people on the other side of the world. How is mathematics going to be easy? I wish there were some machine or equipment for that.

Don't be so negative with things that are not yet adequately realized. It all starts with a theory and a what-if.

It's hard to realize yet, since there are only two ways to do quantum computing and you need an expensive device to experiment. It needs to be in a vacuum chamber etc. The human race would get there, for sure. (unless we have destroyed our home, Earth) Lol


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: 2double0 on August 28, 2019, 12:38:08 PM
Due to the imaginary nature of quantum physics, people easily get confused.
And using that imagination, computers were invented. Imagine living in the 1800s; they probably imagined how they were going to talk to other people on the other side of the world. How is mathematics going to be easy? I wish there were some machine or equipment for that.

Don't be so negative with things that are not yet adequately realized. It all starts with a theory and a what-if.

It's hard to realize yet, since there are only two ways to do quantum computing and you need an expensive device to experiment. It needs to be in a vacuum chamber etc. The human race would get there, for sure. (unless we have destroyed our home, Earth) Lol

When devs are getting their hands on these devices, can't a counter-defence (or attack) be introduced by them, even at their understanding of 2 qubits, to help figure out what type of actual attacks can destruct the memorandum code for Bitcoin? Can it just attack the value of Bitcoin or will it also destroy the whole economy? Considering that over 84% of BTC has already been mined, I see it affecting the niche the least, but the thing is, Bitcoin is still 'not fully, but to some extent' vulnerable to this type of *imagination* and we should prepare ourselves for such a situation if it occurs in the near future. Why not find a technology that can prevent us from the attacks of QC? If QC and other things were imagined and have become truth now, there must be something that can abolish their twitches and burst the bubble before it becomes too big to stop you from breathing.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: crwth on August 28, 2019, 04:11:06 PM
When devs get their hands on these devices, can't a counter-defence (or attack) be introduced by them, even at their understanding of 2 qubits, to help figure out what types of actual attacks could destruct the memorandum code for Bitcoin? Can it just attack the value of Bitcoin, or will it also destroy the whole economy?
So are you saying that developers are going to use it for good or not? I don’t quite understand what you are trying to say. With the use of QC, you would use it to see what “type” of attacks would work on Bitcoin and how it could be prevented? (That’s the good part).

What memorandum are you talking about? Maybe you are talking about the integrity of the code? Altering it would cause a lot of economic tragedy for Bitcoin, loss in value etc.

Considering that over 84% of BTC has already been mined, I see it affecting the niche the least, but the thing is, Bitcoin is still 'not fully, but to some extent' vulnerable to this type of *imagination*, and we should prepare ourselves for such a situation if it occurs in the near future.
I think the time will come when it does that, but we are probably not alive anymore when it happens. Maybe there would be a great change with regard to how we are currently using cryptocurrencies.

Why not find a technology that can prevent us from the attacks of QC? If QC and other things were imagined and have now become reality, there must be something that can abolish their twitches and burst the bubble before it becomes too big to stop you from breathing.
Approaching it where the problem is QC (theory only) it should be answered by the same powerful thing, QC. It’s like fighting fire with fire, but everything is digital.

We are not there yet where it’s applicable already.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Macadonian on August 31, 2019, 01:29:11 PM
So are you saying that developers are going to use it for good or not? I don’t quite understand what you are trying to say. With the use of QC, you would use it to see what “type” of attacks would work on Bitcoin and how it could be prevented? (That’s the good part).
Because of the issue discussed, of only the wealthy elite being able to get their hands on quantum computers capable of threatening the algorithm Bitcoin uses, it's not realistic to use it for good. Especially because the easy solution would be changing to a different algorithm which would be capable of defending against a quantum computer. If someone wants to help Bitcoin against the future threat of quantum computers, it would be by contributing to the projects which intend to implement quantum resistant algorithms, or to Bitcoin itself.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: crwth on September 01, 2019, 06:21:44 AM
Because of the issue discussed, of only the wealthy elite being able to get their hands on quantum computers capable of threatening the algorithm Bitcoin uses, it's not realistic to use it for good.
I have never thought of the economic aspect of how quantum computers are going to be a threat to the different kinds of computing systems. I agree that the first customers of QCs will probably be the richest people. In addition to the people researching that subject, they are going to be the first ones.

If someone wants to help Bitcoin against the future threat of quantum computers, it would be by contributing to the projects which intend to implement quantum resistant algorithms, or to Bitcoin itself.
I know that we are far away from that reality, but preventing possible QC attacks on the network is more viable. I'm just not sure how they are going to do it, because knowing the computing capabilities of QC, it could outsmart any problem faster than normal.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: cfbtcman on September 03, 2019, 03:41:27 AM

Bitcoin can answer a crack; that was done before with a rollback, but such an attack would be bad for the business and could be complete CHAOS for a while.

With the number of transactions Bitcoin currently has (>300k/day), a rollback is almost impossible. Planning a rollback and getting everyone to agree with it would take some time, and what would you do with the >300-2000k transactions that were confirmed before the rollback?
There is a lot of money moving in Bitcoin. How can anyone justify cancelling that many transactions?
Imagine: you sell your car for bitcoins, wait for it to confirm, hand over your car, and then the next day you don't have your coins anymore  >:(
What would that do to the reputation of Bitcoin?

Maybe, if there were a HUGE theft that would be noticed immediately, but that would have to be REALLY huge. I can't imagine such a thing happening anymore.
When a rollback was done, Bitcoin was a lot smaller and there weren't as many transactions then. And the bug would have destroyed Bitcoin if it had not been fixed. (Someone created ridiculous amounts of new bitcoins from nothing. IF I remember correctly he created hundreds of millions of bitcoins...  ??? So something had to be done.)



I was speaking of the case of a big attack; if a little one happens, it's the same as you being hacked in your browser with a keylogger, which happens every day, or some guys stealing from exchanges.

I think there should be some link on the bitcoin.org website to complain about transactions that may have been hacked, and they should be marked as under investigation; if we discover a pattern, maybe it can help to catch the bad guys.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: LUCKMCFLY on September 05, 2019, 10:21:52 PM
I want to share this article where they talk that the NSA wants to develop a cryptocurrency with quantum resistance:

https://i.imgur.com/91U7naf.png
Source: https://cointelegraph.com/news/nsa-working-to-develop-quantum-resistant-cryptocurrency-report

It is necessary to emphasize that the development of quantum computers has always attracted my attention, and I can only imagine that, by having a quantum computer and having this quantum-resistant coin adopted, the potential that will be developed will be incredible.

I have always thought that development calls for development and innovation; the algorithms will have much more optimal code, and if we add artificial intelligence that helps to continue developing the improvements in a quantum computer, Bitcoin would in turn have prolonged growth. Well, if we assume that all altcoins depend on Bitcoin directly or indirectly, combined with superior technology, it could be said that the market in general would enter a higher level where the price of Bitcoin would be much higher, since people pay whatever it takes to have security.



Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: satoquotes on September 09, 2019, 01:26:14 PM
For reference, there are some promising candidates for quantum-resistant signature cryptography, such as:
1. Lamport Signature
2. Lattice-based Cryptography
3. Multivariate-based cryptography

These would be temporary solutions. Therefore they are developing new cryptos.

Post-quantum, nobody will be able to prove that he/she/they was/were the owner(s) in the old system, because everyone will be able to reproduce the private keys of old blockchains.

We will have a quantum secure network.
This will be the new beginning.

edited
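
An added worked example of the first candidate in the list above, a Lamport one-time signature built on SHA-256. This is illustration code written for this page, not satoquotes' code and not taken from any project named in the thread; the sample message is constructed. The private key is 256 pairs of random 32-byte secrets, the public key is their hashes, and a signature reveals exactly one secret of each pair, chosen by the corresponding bit of the message digest.

```python
import hashlib
import secrets

HASH = hashlib.sha256
N_BITS = 256   # one secret pair per bit of the SHA-256 message digest
CHUNK = 32     # each secret preimage is 32 random bytes


def lamport_keygen(rng=secrets.token_bytes):
    """Return (private_key, public_key).

    private_key[i] = (s0, s1): two random secrets for digest bit i.
    public_key[i]  = (H(s0), H(s1)).
    A Lamport private key must sign exactly ONE message (see note below).
    """
    sk = [(rng(CHUNK), rng(CHUNK)) for _ in range(N_BITS)]
    pk = [(HASH(s0).digest(), HASH(s1).digest()) for s0, s1 in sk]
    return sk, pk


def _digest_bits(message: bytes):
    """Yield the 256 bits of SHA-256(message), most significant bit first."""
    for byte in HASH(message).digest():
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def lamport_sign(sk, message: bytes):
    """For each digest bit, reveal the secret that corresponds to that bit value."""
    return [sk[i][bit] for i, bit in enumerate(_digest_bits(message))]


def lamport_verify(pk, message: bytes, signature) -> bool:
    """Hash every revealed secret and compare it with the matching public hash."""
    if len(signature) != N_BITS:
        return False
    for i, bit in enumerate(_digest_bits(message)):
        if HASH(signature[i]).digest() != pk[i][bit]:
            return False
    return True


def demo():
    """Sign a constructed sample message and show verification accept/reject."""
    sk, pk = lamport_keygen()
    msg = b"constructed sample message for the Lamport demo"
    sig = lamport_sign(sk, msg)
    return {
        "valid": lamport_verify(pk, msg, sig),
        "tampered_valid": lamport_verify(pk, msg + b"!", sig),
        "pubkey_bytes": N_BITS * 2 * CHUNK,     # 16384
        "signature_bytes": N_BITS * CHUNK,      # 8192
    }


if __name__ == "__main__":
    print(demo())
```

The scheme's security rests only on the hash function being preimage-resistant, which a quantum computer running Grover's algorithm weakens by at most a square root, so a 256-bit hash keeps a comfortable margin. The price is size (a 16 KiB public key and an 8 KiB signature here) and the one-time rule: each signature discloses half of the private key, so a key that signs a second, different message leaks enough secrets that it can no longer be trusted. Practical hash-based schemes therefore manage many one-time keys under a Merkle tree, which is the "Lamport/Merkle" combination that comes up later in this thread.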


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Macadonian on October 22, 2019, 12:46:32 PM
I want to share this article where they talk that the NSA wants to develop a cryptocurrency with quantum resistance:
--snip--

NSA and cryptocurrency is a weird pair and I have some skepticism.

But efforts to make quantum-resistant cryptocurrency cryptography have already been going on for years, and even a few cryptocurrencies claim the cryptography they use is quantum-resistant.
For reference, there are some promising candidates for quantum-resistant signature cryptography, such as:
1. Lamport Signature
2. Lattice-based Cryptography
3. Multivariate-based cryptography
Skepticism is valid because they are the NSA, but remember that not every American government-related organization is bad for the development of Bitcoin or cryptocurrency. The Tor Browser project was first made by the US Navy, and their goal was to create a circuit-based network which was capable of operating at low latency and would provide anonymity to its users. This quickly turned into a very good project for those wanting to conceal their identity while browsing the web, and it expanded beyond military use. The military has probably moved away from using the Tor Browser project because exit nodes show plain data and can be run by anyone, unless they have control of their own nodes and only connect to them. The point I'm trying to make is that despite these projects being anti-government in certain areas, they were still developed by organizations close to the government. The Tor Browser went against the NSA's principle of wanting all the information they can get on everyone, just like Bitcoin and other cryptocurrencies encourage anonymity.

The funding that the NSA can bring will certainly help the development towards a better alternative to Lamport-, lattice- and multivariate-based cryptocurrencies. If it doesn't provide a better alternative, it's always better to have more minds contributing to an issue, because other projects, such as the Lamport-based ones, which do not have the funding that the NSA does, will be able to learn from and integrate the additions that the NSA has proposed.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: funsponge on November 05, 2019, 12:06:33 AM
A lot of people mention it here but how exactly is a quantum computer so good at one specific task? How are they developed differently? I have been studying quantum computers recently after the recent announcement of Google's groundbreaking quantum computer qubits, but whenever someone says quantum computers are only good at one specific task they never go into detail about why that is true.

I would have thought that quantum computers would be good at all tasks just like a normal computer because they have better hardware than personal computers. How could that possibly have a detrimental effect on the computer if the hardware is much better?

Does it have something to do with the heat that the computer generates because of the amount of work that the hardware is putting in?


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: tromp on November 05, 2019, 08:53:13 AM
A lot of people mention it here but how exactly is a quantum computer so good at one specific task?

Quantum computers are often compared with massively (exponentially so) parallel computers.

Their states are actually superpositions of classical states, each of which has a complex amplitude, which can be thought of as a complex analogue of probability.

Unlike classical parallelism, states in superposition are NOT individually observable.
You need to orchestrate the quantum computation so that states you don't want to observe CANCEL each other in amplitude.

Only problems with a very particular structure, such as integer factorization, allow for cancellation of all but an exponentially small fraction of desirable states, i.e. states from which we can extract the problem answer.
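To make the "cancel each other in amplitude" point concrete, here is an added toy example written for this page (not tromp's code): a plain-Python state-vector simulation of Deutsch's algorithm on two qubits. One oracle query, followed by a Hadamard gate, makes the amplitudes of the unwanted answer cancel exactly, so a single measurement decides whether the oracle function is constant or balanced. Shor's factoring and discrete-logarithm algorithms, the ones relevant to ECDSA, rely on the same interference principle at a far larger scale; this example only shows the mechanism, not anything of that size.

```python
from math import sqrt

# Hadamard gate: |0> -> (|0>+|1>)/sqrt(2), |1> -> (|0>-|1>)/sqrt(2)
H = [[1 / sqrt(2), 1 / sqrt(2)],
     [1 / sqrt(2), -1 / sqrt(2)]]


def apply_single(state, gate, target):
    """Apply a 2x2 gate to qubit `target` of a state vector.

    Basis-state index bit `target` is that qubit's value (qubit 0 = least
    significant bit). Every input amplitude is spread over both output values
    of the target qubit, which is where interference (cancellation) happens.
    """
    new = [0j] * len(state)
    for idx, amp in enumerate(state):
        if amp == 0:
            continue
        bit = (idx >> target) & 1
        base = idx & ~(1 << target)
        for row in (0, 1):
            new[base | (row << target)] += gate[row][bit] * amp
    return new


def apply_oracle(state, f):
    """U_f: |x>|y> -> |x>|y XOR f(x)>, with x = qubit 0 and y = qubit 1."""
    new = [0j] * len(state)
    for idx, amp in enumerate(state):
        x, y = idx & 1, (idx >> 1) & 1
        new[x | ((y ^ f(x)) << 1)] += amp
    return new


def deutsch(f):
    """Decide with ONE oracle query whether f: {0,1} -> {0,1} is constant or balanced.

    Returns (verdict, probability that qubit x measures 1). For a constant f the
    two paths into |x=1> arrive with opposite sign and cancel, so that
    probability is exactly 0; for a balanced f the paths into |x=0> cancel.
    """
    state = [0j] * 4
    state[0b10] = 1 + 0j                 # start in |x=0, y=1>
    state = apply_single(state, H, 0)    # put x into (|0>+|1>)/sqrt(2)
    state = apply_single(state, H, 1)    # put y into (|0>-|1>)/sqrt(2)
    state = apply_oracle(state, f)       # phase kickback: |x> gains (-1)^f(x)
    state = apply_single(state, H, 0)    # interference step
    prob_x1 = sum(abs(state[i]) ** 2 for i in range(4) if i & 1)
    verdict = "balanced" if prob_x1 > 0.5 else "constant"
    return verdict, prob_x1


if __name__ == "__main__":
    for name, f in [("const 0", lambda x: 0), ("const 1", lambda x: 1),
                    ("identity", lambda x: x), ("not", lambda x: 1 - x)]:
        print(name, deutsch(f))
```

Classically you would have to evaluate f twice; here the answer comes out of one query because the computation was arranged so that the amplitudes of the wrong outcome sum to zero. Problems without that kind of structure get no such help, which is the reason a quantum computer is not a uniformly faster machine.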


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Saidasun on November 05, 2019, 11:31:41 AM
A lot of people mention it here but how exactly is a quantum computer so good at one specific task? How are they developed differently?
Computers are made with a layering system which determines what is on the computer. More layers does not necessarily mean a slower computer, but in general terms, when comparing a personal computer and a quantum computer, it is the case. A personal computer has more layers and operates off high-level programming instead of low-level. Low-level programming is sometimes called machine code and high-level programming is called byte code. You are familiar with byte code because you use it every day. Byte code is on an operating system level and usually requires an operating system to be present. Look at Windows and Ubuntu: these are the operating systems which bytecode interacts with. These operating systems are designed to be a jack of all trades, unlike supercomputers and quantum computers, which excel at only a couple of things.

Just think that your computer that has these operating systems on it has useful programs like calculators and UIs and all kinds of things that help you as a daily user. However, when quantum computers come into the frame they consider these programs useless. Even if a quantum computer has more powerful hardware it would still be a waste of resources to install an operating system. Instead they will use machine code, and machine code is usually used for specific tasks. Your TV remote, for example, has machine code and does not have an operating system. Automatic doors on a car would only have machine code. They are designed with speed in mind and to perform only a few tasks. Your TV remote flicks over channels but it can't surf the web or have a built-in calculator; the same goes for a locking mechanism on a car: it only has two jobs, and that is to lock or unlock the door.

These are simple examples and ways of explaining this, but this is the general idea of quantum computers vs a personal computer. A quantum computer will not have an operating system, and they will be designed like your TV remote to carry out specific tasks as efficiently as possible. The biggest quantum computer development is factoring, and they are extremely good at solving factoring problems, but they can't calculate anything else except for what they are told to do. Combining this with the hardware of a quantum computer gives you what they are today. Qubits are a measurement of the processing power of these computers.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Macadonian on November 05, 2019, 12:22:14 PM
-snip-
This is a good explanation at a very basic level, but quantum computers are much more than just a layered system. I would agree that this is probably the best way of explaining the differences between normal computers and quantum computers, and I would like to say that because of this layering system targeted attacks would be more probable than large scale attacks, due to having to rework what you call the machine code. I would call these super states, which tromp goes into a little detail about. The only thing that newcomers to Bitcoin need to know is that quantum computers aren't the end of Bitcoin, and at a basic level they are made differently from your computer at home. They are only capable of targeted attacks, and Bitcoin is probably at the lower end of priorities for a potential attacker. ECDSA is not going to be a big target for someone with a quantum computer, and despite the media claims Bitcoin will not be in danger for at least another 10 years unless there are some groundbreaking breakthroughs in the field of quantum mechanics.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on November 24, 2019, 09:41:19 AM
When considering the security impact of quantum computers, we do need to make the distinction between post-quantum cryptography, which uses classical computers to provide quantum-resistant algorithms,  and quantum cryptography, which uses quantum computers to provide quantum-resistant algorithms.

If we consider quantum computers as a means of attack, we are generally thinking about the phenomenal factoring power which can swamp traditional security measures. As we have discussed, there has been a lot of work in post-quantum cryptography to establish robust classical defences, ranging across a number of different approaches using some quite sophisticated maths, be it lattice, Lamport/Merkle sig or (deep breath) supersingular-isogeny-graph-Diffie-Hellman-key-exchange.

Some of these approaches show a lot of promise. However quantum cryptography - building fundamentally unbreakable security measures by using the laws of quantum mechanics - is for me a hugely important strategy. I say fundamentally unbreakable because the act of observation (or eavesdropping, or hacking) is an integral component in any quantum mechanical system. The observer impacts the results, as in the Schrodinger's Cat thought experiment (incidentally the theoretical cat is not both alive and dead at the same time, rather it is in a superposition of the states, a probability function that only resolves upon being observed).
Any attempt to observe/hack/eavesdrop on the quantum state alters the data, and it's impossible to pull the data out and copy it, either. This is demonstrated by the no-cloning theorem (https://en.wikipedia.org/wiki/No-cloning_theorem).

I've already mentioned Kak's 3-stage protocol (https://en.wikipedia.org/wiki/Three-stage_quantum_cryptography_protocol), which is entirely quantum, unlike the more commonly used approach of Quantum Key Distribution... but I'd like to go into QKD a bit here, just to demystify it a bit.

The standard terrestrial approach to QKD is essentially to send photons one-by-one down a normal fibre-optic cable. If someone tries to read (hack) the communication, then this act of observation alters the polarity of the photon, and so the recipient becomes aware of the hacker's presence. This is simple QM, it's a basic physical law that can't be bypassed. Of course you wouldn't send a whole message in this way, but it is a perfect method for establishing a shared key.

There is also a satellite approach to QKD that China is developing, which relies on quantum entanglement so that two photons both have the same physical state. Again, anyone eavesdropping disrupts the communication.

... so whilst understandably a lot of focus is on the dangers posed by attacks that exploit the properties of quantum mechanics, it is (in mainstream opinion) sometimes overlooked that those same properties can provide a phenomenal (and as we understand QM, perfect) defence.

https://www.sciencemag.org/sites/default/files/styles/inline__699w__no_aspect/public/SuperLASER_Drupal_1.1.png?itok=993vDS1b

[image sourced from this article: https://www.sciencemag.org/news/2017/06/china-s-quantum-satellite-achieves-spooky-action-record-distance ]
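An added simulation, written for this page and not Cnut237's code or any QKD vendor's, of the fibre QKD idea described above (the BB84 protocol). Alice encodes each bit in one of two polarization bases and Bob measures in a randomly chosen basis; an optional intercept-resend eavesdropper is modelled as a measurement that re-prepares the photon in the eavesdropper's basis, which is the "observation alters the photon" effect the post describes. After sifting, Alice and Bob publicly sacrifice half of the sifted bits to estimate the error rate; the abort threshold of about 11% is an assumed parameter, and all randomness is seeded so a run is reproducible.

```python
import random

RECTILINEAR, DIAGONAL = 0, 1     # the two polarization bases
QBER_ABORT_THRESHOLD = 0.11      # assumed: commonly cited bound for BB84 key extraction


def measure(photon, basis, rng):
    """Measure a photon prepared as (bit, prep_basis) in `basis`.

    Same basis: the encoded bit is read out deterministically.
    Wrong basis: the outcome is a coin flip, and the original state is destroyed
    (the photon now carries the measured value in the measuring basis).
    """
    bit, prep_basis = photon
    return bit if prep_basis == basis else rng.randrange(2)


def run_bb84(n_photons, eavesdrop, seed=1, threshold=QBER_ABORT_THRESHOLD):
    """Simulate one BB84 session; return error-rate and sifted-key statistics."""
    rng = random.Random(seed)
    alice_bits = [rng.randrange(2) for _ in range(n_photons)]
    alice_bases = [rng.randrange(2) for _ in range(n_photons)]
    bob_bases = [rng.randrange(2) for _ in range(n_photons)]
    bob_bits = []
    for bit, basis, bob_basis in zip(alice_bits, alice_bases, bob_bases):
        photon = (bit, basis)
        if eavesdrop:
            # Intercept-resend: the tapper must guess a basis. Half the time it is
            # wrong, and the photon it re-emits then gives Bob a random bit even
            # when Bob's basis matches Alice's, leaving a ~25% error in the sifted key.
            eve_basis = rng.randrange(2)
            photon = (measure(photon, eve_basis, rng), eve_basis)
        bob_bits.append(measure(photon, bob_basis, rng))

    # Sifting: over the public channel Alice and Bob compare BASES (never bits)
    # and keep only the positions where they agree.
    sifted = [i for i in range(n_photons) if alice_bases[i] == bob_bases[i]]
    check, keep = sifted[: len(sifted) // 2], sifted[len(sifted) // 2:]
    if not check:
        raise ValueError("too few sifted bits to estimate the error rate")

    # Error estimation: the check positions are disclosed and discarded.
    errors = sum(alice_bits[i] != bob_bits[i] for i in check)
    qber = errors / len(check)
    alice_key = [alice_bits[i] for i in keep]
    bob_key = [bob_bits[i] for i in keep]
    return {
        "qber": qber,
        "aborted": qber > threshold,    # an eavesdropper shows up as excess errors
        "key_bits": len(keep),
        "keys_agree": alice_key == bob_key,
    }


if __name__ == "__main__":
    print("clean channel :", run_bb84(4000, eavesdrop=False))
    print("tapped channel:", run_bb84(4000, eavesdrop=True))
```

On a clean channel the estimated error rate is zero and the remaining sifted bits agree, so they can become the shared key. With the tap in place the estimate lands near 25%, far above the threshold, and the session is aborted before any key is used; the eavesdropper is detected rather than merely resisted, which is the property the post is pointing at. A real link also has to budget for ordinary optical noise, which is why the threshold is a tunable parameter rather than zero.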



Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on December 01, 2019, 05:09:05 PM
Why is everyone discussing cryptography but not dividing the systems into symmetric and asymmetric? Not taking into account quantum computing, which today is a greater reality than this summer (https://ai.googleblog.com/2019/10/quantum-supremacy-using-programmable.html), for a cryptanalyst, any asymmetric system can be hacked. It all depends on the amount of plaintext and the corresponding code, the availability of a public key.

Sooner or later, this problem is solved mathematically, and not by the exhaustive search of the code which everyone fears. Even if the problem is not completely solved by mathematical analysis, thanks to it the remaining options for exhaustive search are greatly reduced in comparison with the initial ones. Here is a look at the old material that has become relevant today: https://www.schneier.com/essays/archives/2018/09/cryptography_after_t.html This is what the genius of the entire science of cryptography writes, and not a simple owner of bitcoin. Of all existing systems, only AES-256 (symmetric) remains in today's post-quantum world.

And do not forget that all systems with public and private keys are much more resource-intensive than any symmetric one. How you are going to use the post-quantum asymmetric system on a regular computer is not clear. And in blockchain technology, it’s even more incomprehensible.

To fantasize and expect ready-made solutions, to doubt the progress of computing technology, not to know that the entire blockchain is built on an unproven assumption about the lack of a mathematical solution to the asymmetric encryption used, and not to know about the danger of elliptic cryptography, based on the assumption that there are no collisions in the selected elliptic curve (there are a lot of examples, including errors in the standardization of these curves by NIST itself) - this is sticking your head in the sand.

Long live ostriches, the most daring birds in the world!


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Danydee on December 02, 2019, 11:14:01 PM
Great to read, OP,
This is what you think!

Now can you imagine if certain parties want to target someone? There is simply nothing that he can do. Isn't this something that discourages the use of Bitcoin!?

And here is the question, as there are already quantum-proof cryptocurrencies in existence.





 [.... ]
If someone wants to help Bitcoin against the future threat of quantum computers, it would be by contributing to the projects which intend to implement quantum resistant algorithms, or to Bitcoin itself.
I know that we are far away from that reality, but preventing possible QC attacks on the network is more viable. I'm just not sure how they are going to do it, because knowing the computing capabilities of QC, it could outsmart any problem faster than normal.
What do you think of a gradual upgrade that could implement in the core/network a protocol using a second private key for an address, so the core recognises whether an address has been upgraded to (has adopted) the protocol, and then allows or disallows the task from that address? As that would be operated gradually, through proper adoption by wallet owners, nobody would be forgotten!  ???



Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on December 03, 2019, 01:38:29 PM
When considering the security impact of quantum computers, we do need to make the distinction between post-quantum cryptography, which uses classical computers to provide quantum-resistant algorithms,  and quantum cryptography, which uses quantum computers to provide quantum-resistant algorithms.

If we consider quantum computers as a means of attack, we are generally thinking about the phenomenal factoring power which can swamp traditional security measures. As we have discussed, there has been a lot of work in post-quantum cryptography to establish robust classical defences, ranging across a number of different approaches using some quite sophisticated maths, be it lattice, Lamport/Merkle sig or (deep breath) supersingular-isogeny-graph-Diffie-Hellman-key-exchange.

Some of these approaches show a lot of promise. However quantum cryptography - building fundamentally unbreakable security measures by using the laws of quantum mechanics - is for me a hugely important strategy. I say fundamentally unbreakable because the act of observation (or eavesdropping, or hacking) is an integral component in any quantum mechanical system. The observer impacts the results, as in the Schrodinger's Cat thought experiment (incidentally the theoretical cat is not both alive and dead at the same time, rather it is in a superposition of the states, a probability function that only resolves upon being observed).
Any attempt to observe/hack/eavesdrop on the quantum state alters the data, and it's impossible to pull the data out and copy it, either. This is demonstrated by the no-cloning theorem (https://en.wikipedia.org/wiki/No-cloning_theorem).

I've already mentioned Kak's 3-stage protocol (https://en.wikipedia.org/wiki/Three-stage_quantum_cryptography_protocol), which is entirely quantum, unlike the more commonly used approach of Quantum Key Distribution... but I'd like to go into QKD a bit here, just to demystify it a bit.

The standard terrestrial approach to QKD is essentially to send photons one-by-one down a normal fibre-optic cable. If someone tries to read (hack) the communication, then this act of observation alters the polarity of the photon, and so the recipient becomes aware of the hacker's presence. This is simple QM, it's a basic physical law that can't be bypassed. Of course you wouldn't send a whole message in this way, but it is a perfect method for establishing a shared key.

There is also a satellite approach to QKD that China is developing, which relies on quantum entanglement so that two photons both have the same physical state. Again, anyone eavesdropping disrupts the communication.

... so whilst understandably a lot of focus is on the dangers posed by attacks that exploit the properties of quantum mechanics, it is (in mainstream opinion) sometimes overlooked that those same properties can provide a phenomenal (and as we understand QM, perfect) defence.

https://www.sciencemag.org/sites/default/files/styles/inline__699w__no_aspect/public/SuperLASER_Drupal_1.1.png?itok=993vDS1b

[image sourced from this article: https://www.sciencemag.org/news/2017/06/china-s-quantum-satellite-achieves-spooky-action-record-distance ]



--------------
Creating a shared key over fiber? Quantum methods? But what's revolutionary here? These experiments are already 40 years old. This method is not for the average user with a device connected to a wifi point. This is for special organizations. And not at great distances. In addition, there would have to be a mass of photon amplifiers and other equipment on the track.

And is this just to create a shared key?
It’s easier to find an open communication channel that no one has been controlling for a long time ... no one will track an ordinary paper letter “to the grandfather’s village”, not a single hacker.

Mankind likes methods that require a ton of money and technology. This gives rise to new value. This gives rise to the consumer. This spins the economy. Well, where is the development of cryptography?

But in essence, for us, for ordinary users of cryptography, this method of technology development is similar to building a fortified fortress only for protection against one mosquito, and not for life.

It seems to me that the future is not for technological solutions in this area, but for logical ones.

In technology, humanity has long been "grazing behind"; so far an electric drone can stay in autonomous flight for a limited time, measured in hundreds of minutes. Guys, this chemical method of storing electrons is already 3000 years old. The Nobel Prize in Chemistry was given for the molding of electrical power supplies, for a lithium-ion battery. Previously, for this "invention" they would only give a patent. And now the Nobel Prize. Awesome!

Don't you feel the lack of development? Today everyone considers a thinner smartphone case to be development, and they are proud of it. But this is the level of molding. Is evolution reversed?

Especially, this degradation became noticeable with the development of digital communications. Instead of coming up with new encryption methods, everyone comes up with an increase in the key length (and candidates for post-quantum systems have keys of phenomenal length), and work in the fields of huge, "astronomical" numbers that do not exist in the universe, which load our skinny smartphones. Aw, people, wake up ... There must be "human", reasonable decisions.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Danydee on December 04, 2019, 12:04:12 AM

It seems to me that the future is not for technological solutions in this area, but for logical ones.

That's if there is no need for a "WW3" before !


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Danne87 on December 04, 2019, 01:17:30 PM
I want to share this article where they talk that the NSA wants to develop a cryptocurrency with quantum resistance:

https://i.imgur.com/91U7naf.png
Source: https://cointelegraph.com/news/nsa-working-to-develop-quantum-resistant-cryptocurrency-report

It is necessary to emphasize that the development of quantum computers has always attracted my attention, and I can only imagine that, by having a quantum computer and having this quantum-resistant coin adopted, the potential that will be developed will be incredible.

I have always thought that development calls for development and innovation; the algorithms will have much more optimal code, and if we add artificial intelligence that helps to continue developing the improvements in a quantum computer, Bitcoin would in turn have prolonged growth. Well, if we assume that all altcoins depend on Bitcoin directly or indirectly, combined with superior technology, it could be said that the market in general would enter a higher level where the price of Bitcoin would be much higher, since people pay whatever it takes to have security.



I can not agree. They must protect every transaction from hacking, and such a button is needed


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: sureBitcoin on December 04, 2019, 02:45:49 PM
Quote
I don't believe Quantum Computing will ever threaten Bitcoin

We think that the developers have made huge gains in that area and that they - large enough for any calculation - already exist. But the digital world is not prepared for quantum computing, so they are introducing it step by step - like Google's Sycamore - to have a smooth change to post-quantum computing.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on December 04, 2019, 07:15:16 PM
Quote
I don't believe Quantum Computing will ever threaten Bitcoin

We think that the developers have made huge gains in that area and that they - large enough for any calculation - already exist. But the digital world is not prepared for quantum computing, so they are introducing it step by step - like Google's Sycamore - to have a smooth change to post-quantum computing.
------------------------------------------
Quantum computers are not as far from life as you think. Look at Amazon's new services. Offer for commercial use. And why is everyone obsessed with these qubit calculators?

Cryptography on elliptic curves compromised itself a long time ago; they just don't write about it.
The discovery was made not by full-time employees of GCHQ (a division of the special services of England), but by mathematicians of the CESG division, which is responsible for national ciphers and the protection of government communications systems in the UK. And the close interaction between the GCHQ and the NSA of the USA takes place primarily along the lines of joint intelligence activities. In other words, since the NSA also has its own IAD (Information Assurance Directorate) department, specializing in the development of cryptographic algorithms and information protection, the discovery of British colleagues was a complete surprise for the mathematicians of this unit. And for the first time they learned about it from their fellow spies who closely interact with the British ...
Blockchain is hanging by a thread. The blockchain is saved by the non-compromised hashing function and its massive use.
The most secret and powerful special service in the world (USA) back in 2015 FORBADE the use of ECC, on which the ECDSA in Bitcoin is based. This organization just does nothing.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on December 05, 2019, 01:56:44 PM
QKD
-snip-

This method is not for the average user with a device connected to a wifi point. This is for special organizations.
It's for the average user. If the average user is connecting to wifi, to the internet, then they can connect to an unhackable quantum internet, too. There is a lot of work going on in this area, using the fundamental properties of quantum mechanics to create an inherently unhackable network. It's not just the Chinese, take Europe's Quantum Internet Alliance as another example - a summary of their work is here (http://quantum-internet.team/wp-content/uploads/2018/06/PUBLIC-SUMMARY-QIA-1.pdf)... and there's a more mainstream-friendly article here (https://www.technologyreview.com/s/612327/europes-quest-for-an-unhackable-quantum-internet/).




Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on December 06, 2019, 07:23:05 AM
QKD
-snip-

This method is not for the average user with a device connected to a wifi point. This is for special organizations.
It's for the average user. If the average user is connecting to wifi, to the internet, then they can connect to an unhackable quantum internet, too. There is a lot of work going on in this area, using the fundamental properties of quantum mechanics to create an inherently unhackable network. It's not just the Chinese, take Europe's Quantum Internet Alliance as another example - a summary of their work is here (http://quantum-internet.team/wp-content/uploads/2018/06/PUBLIC-SUMMARY-QIA-1.pdf)... and there's a more mainstream-friendly article here (https://www.technologyreview.com/s/612327/europes-quest-for-an-unhackable-quantum-internet/).

----------------------
Yes, everything is correct.
Quantum Internet, more correctly called photonic.
This is a network section having either physical optical fiber, or photons can be transmitted via "air", within line of sight. It is this version of the quantum-photon Internet "over the air" that was successfully tested in the United States, it seems back in 1987. Then they transmitted a signal 300 meters from the roof of one building to the roof of another. Then they tested photon amplifiers, and it seems to have been successful.
This is an old, well-known, tested technology, based on fundamental knowledge of physics at the level of secondary general education.

Yes, no one will attack you in the photon communication channel, there is no sense in it. Your wifi, your device will be attacked, everything as usual. Just like it is being done now.
In addition, the photon Internet, in the case of a Wifi access point, does not save you from phishing (81% of all attacks), nor from a man in the middle, nor from the danger of quantum computing of your key information.

There is no way to do without a new post-quantum cryptography.
Therefore, I think that this method is not for us, ordinary users; moreover, it will not give anything if you have wifi next to it. But for special organizations it is just what you need.

The tasks that this Internet performs in the foreseeable future are limited to the task of transmitting the secret key for symmetric systems, without using asymmetric ones.
Such an Internet, or rather a section of the Internet, since we have to use either Wi-Fi or the 3/4/5G Internet, does not solve the problem of a system of trust in your public key. With all the ensuing consequences.
What's bad about this is that the user becomes even more careless.
Yes, we also forgot the attacks on the server side of the network.
In addition, we, everyday users of cryptography, are always being used in their interests, and they do not tell us everything that they know.
So, there are interesting facts about the dangers of cryptography on elliptic curves. And our blockchain (more precisely, its digital signature) is based on this cryptography. If there is interest in what we are not being told, you can read my post dated December 04: https://bitcointalk.org/index.php?topic=5204368.40

You need to be careful about all offers, especially in the field of digital security. Our safety is only in our hands.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on December 06, 2019, 07:30:46 AM
At the link above, in a post dated December 04, the question is described:

"This material reasonably answers 2 important questions:

1. Is cryptography on elliptic curves so safe as we think?

2. Are quantum computations really dangerous for
modern public key cryptosystems?"

https://bitcointalk.org/index.php?topic=5204368.40


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on December 06, 2019, 09:54:49 AM
There is no way to do without a new post-quantum cryptography.

Some approaches to post-quantum cryptography do show huge promise, I'll agree with that, as we've covered on previous pages.

I was trying to make the distinction between post-quantum cryptography which uses classical approaches, and quantum cryptography, which exploits the inherent 'unhackability' of quantum mechanics. Significant progress is being made in QC as well as in PQC.

The difference is between PQC being theoretically unhackable because of complex and esoteric maths, and QC being fundamentally unhackable because of the underlying laws of physics. Both approaches have merit, but the discussion is always around PQC. I thought it was time that QC had a voice, too.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: TechPriest on December 06, 2019, 11:07:29 AM
Why not find a technology that can protect us from the attacks of QC? If QC and other things were imagined and have become truth now, there must be something that can abolish their twitches and burst the bubble before it becomes too big to stop you from breathing.
Approaching it where the problem is QC (theory only) it should be answered by the same powerful thing, QC. It’s like fighting fire with fire, but everything is digital.
We are not there yet where it’s applicable already.

I would not be so optimistic about QC. The main problem of their realization is the problem of symmetry. FT transformations (a composition of the Fredkin gate (https://en.wikipedia.org/wiki/Fredkin_gate) and Toffoli gate (https://en.wikipedia.org/wiki/Toffoli_gate)) will destroy quantum entanglement in bosons. "Raw" fermions can't be used for QC either because, if we have more than 3 qubits, then their result vector will be 0, so we can't calculate anything with it.

As I read last time, scientists want to use "fermionic lattices". But it will be really hard to implement it in real technology, because it is much harder to control such a "lattice". In a "lattice" you need to control n states in n qubits, but in "raw" QC without such lattices it would be enough to control just 2 states in n qubits.

And for an "ECDSA hack" we need thousands of qubits (and now we have just 50 qubits, 40 years after the start of QC research).

my understanding is that ECDSA will eventually be vulnerable to quantum computers. SHA-256 not so much.

You're right. But let us be more specific:
Every public key cryptography is vulnerable to quantum computing due to Shor's algorithm (for integer factorization and discrete logarithm). SHA-256 is not vulnerable in the sense that there is not any quantum algorithm which breaks it fast. But it's vulnerable in the sense that quantum computers may be incomparably more powerful (a million times) compared to today's computers.

Also, it's interesting that we don't have any quantum computer for now (and I doubt that we will have one, with all its "magical" capabilities) but we already have post-quantum RSA (https://www.schneier.com/blog/archives/2017/05/post-quantum_rs.html)



Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on December 06, 2019, 03:29:02 PM
You are mistaken if you think that ECDSA can be wrecked only by exhaustive search (brute force attack). This is a common misconception, which is supported by the majority.
So allow me to object.

In the sense that there are other dangers in this area of cryptography.
The danger of cryptography on elliptic curves lies in the elliptic curves themselves. They have collisions. That is why, back in 2015, the NSA (USA) opposed this type of cryptography, despite the fact that it had previously campaigned only for this cryptography. And after 2015, it again returned to the old RSA system. And this despite the very long key length relative to ECC keys.
Let's do it in order.

1. Collisions of elliptic curves themselves.
The National Institute of Standards and Technology (USA) NIST is involved in the development of standards and specifications. The problem is that some classes of elliptic curves are weak. Specialists have a question: where do the random generating values for the standardized NIST elliptic curves come from? Answer: unfortunately, we do not know. These values have no justification.

For this reason, the following question arises: is it possible that NIST detected a "significantly larger" class of weak elliptic curves than is commonly believed, tried various possible variants of generating values, found vulnerabilities and is silent? After all, such finds can be used for "their own purposes"; these are holes in the security system.

I do not have an answer to this question either, but this is a logical and important question. We know that NIST has at least successfully standardized a vulnerable random number generator (a generator that, oddly enough, is based on the same elliptic curves).

Perhaps it successfully standardized many other weak elliptic curves?
How to check it?
No way.

For example, there are standard NIST curves based on verifiably random numbers of understandable origin:
- random numbers for MD5 (hashing algorithm) are obtained from the sine of integers;
- random numbers for Blowfish (a symmetric block encryption algorithm with a variable key length) are obtained from the first numbers of Pi;
- random numbers for RC5 (a block cipher with a variable number of rounds, a variable length of a key and a block) are obtained from the "Euler number" and the golden ratio numbers.
It is important to understand that “verifiable random” and “protected” are not synonyms, but here we at least understand their origin.

2. The situation around this system is very ambiguous.
I do not want to repeat a very large text with verifiable facts. But if you are not afraid, then you can read how it was and check the information.
I described this in my post on December 04; there are 2 posts from one date, read the second, topic:
--------------------
This material reasonably answers 2 important questions:
1. Is cryptography on elliptic curves so safe as we think?
2. Are quantum computations really dangerous for
modern public key cryptosystems?
..............................
Link: https://bitcointalk.org/index.php?topic=5204368.40

3. What gives us the expected quantum Internet?
It would be correct to call it photonic. Photons can be transmitted not only via fiber optic cable, but also "over the air," which was tested successfully in the last century.
But this technology is applicable only to special organizations, in the "photon internet only" option. We, in everyday life, will have to use sections of wifi or 3-5G to reach the fiber optic section. And this means all the problems come back: phishing, attacks on devices, man in the middle, etc.

Moreover, the quantum Internet is needed only for the safe transfer of a symmetric key, in the absence of a post-quantum cryptosystem with a pair of keys. Symmetric cryptography is able to create a closed, safe communication channel, easier, more practical and cheaper than the proposed technology of the quantum Internet.

For this reason, post-quantum cryptography cannot be dispensed with, especially in the post-quantum world.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on December 13, 2019, 10:18:12 AM
3. What gives us the expected quantum Internet?
It would be correct to call it photonic. Photons can be transmitted not only via fiber optic cable, but also "over the air," which was tested successfully in the last century.
But this technology is applicable only to special organizations, in the "photon internet only" option. We, in everyday life, will have to use sections of wifi or 3-5G to reach the fiber optic section. And this means all the problems come back: phishing, attacks on devices, man in the middle, etc.

It depends what we are sending over traditional hackable channels. Thinking in classical terms, you send the entire communication through that route, and so you introduce vulnerabilities. But using a quantum approach, it doesn't have to be that way. Quantum entanglement offers a solution - if the entangled photons are sent one to each party, sender and recipient, then the sender can make their photon interact with the data they want to transmit. This measurement alters the entangled photon at the other end as well - transmission of information via this method is Einstein's famous 'spooky action at a distance', a.k.a. quantum teleportation. The thing that is then sent through the classical channel is only the result of the measurement, the interaction between the sender's entangled photon and the information they wish to transmit. Anyone who hacks this message gains nothing, as it is meaningless by itself.

However once the legitimate recipient receives this information, they can then decode the message, because they have the other photon. It is fundamentally unhackable because only sender and recipient have the entangled photons, and because the laws of quantum mechanics mean that any act of measurement, which includes any attempt at hacking or eavesdropping at either the sender's or the recipients' end, alters the state of the entangled photon at the other end, too.

It's this sort of approach that makes me think that quantum cryptography (as opposed to post-quantum cryptography) has a lot of merit. Lattices and elliptic curves and so forth are not fundamentally unhackable due to laws of nature, whereas processes exploiting the laws of quantum mechanics are - or at least can be.

There will of course be huge technical challenges in implementing a quantum-cryptography approach... but work is underway, not just by the Chinese but also at QuTech in the Netherlands (where they are trying out quantum teleportation, as in the link I gave previously).

Here's a diagram giving a brief summary of how quantum entanglement can lead to an unhackable solution (again from my previous link). The pictures are perhaps more eloquent than my chaotic rambling:

https://cdn.technologyreview.com/i/images/quantum-illos-figures.png?sw=616&cx=0&cy=0&cw=1200&ch=2659


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on December 13, 2019, 02:01:46 PM
3. What gives us the expected quantum Internet?
It would be correct to call it photonic. Photons can be transmitted not only via fiber optic cable, but also "over the air," which was tested successfully in the last century.
But this technology is applicable only to special organizations, in the "photon internet only" option. We, in everyday life, will have to use sections of wifi or 3-5G to reach the fiber optic section. And this means all the problems come back: phishing, attacks on devices, man in the middle, etc.

It depends what we are sending over traditional hackable channels. Thinking in classical terms, you send the entire communication through that route, and so you introduce vulnerabilities. But using a quantum approach, it doesn't have to be that way. Quantum entanglement offers a solution - if the entangled photons are sent one to each party, sender and recipient, then the sender can make their photon interact with the data they want to transmit. This measurement alters the entangled photon at the other end as well - transmission of information via this method is Einstein's famous 'spooky action at a distance', a.k.a. quantum teleportation. The thing that is then sent through the classical channel is only the result of the measurement, the interaction between the sender's entangled photon and the information they wish to transmit. Anyone who hacks this message gains nothing, as it is meaningless by itself.

However once the legitimate recipient receives this information, they can then decode the message, because they have the other photon. It is fundamentally unhackable because only sender and recipient have the entangled photons, and because the laws of quantum mechanics mean that any act of measurement, which includes any attempt at hacking or eavesdropping at either the sender's or the recipients' end, alters the state of the entangled photon at the other end, too.

It's this sort of approach that makes me think that quantum cryptography (as opposed to post-quantum cryptography) has a lot of merit. Lattices and elliptic curves and so forth are not fundamentally unhackable due to laws of nature, whereas processes exploiting the laws of quantum mechanics are - or at least can be.

There will of course be huge technical challenges in implementing a quantum-cryptography approach... but work is underway, not just by the Chinese but also at QuTech in the Netherlands (where they are trying out quantum teleportation, as in the link I gave previously).

Here's a diagram giving a brief summary of how quantum entanglement can lead to an unhackable solution (again from my previous link). The pictures are perhaps more eloquent than my chaotic rambling:

https://cdn.technologyreview.com/i/images/quantum-illos-figures.png?sw=616&cx=0&cy=0&cw=1200&ch=2659
---------------------------------
You probably know more than me.

Explain how you can have a photon associated with the transmitted one, if you are not connected directly to the photon transmission channel?

If you, more precisely your device, are located in the same "photon" system with the transmitting device, then the physics will work.

And if you hold in your hand a smartphone that is connected to the Internet via 3,4,5-G, then how will you have a coupled photon?

In addition, it is such an expensive pleasure that quantum cryptography (photon transmission), as far as I know, is needed only in order to exchange private keys in this way to use a symmetric encryption system. For the reason that symmetric AES-256 is not opened by any quantum computer, because in a symmetric key any variant of a key of two to the power of 256 is possible.

And in asymmetric - far from it. For example, in RSA, a key length of 15,300 bits is equal in strength to a 256-bit key in AES.

I do not discuss elliptic cryptography - it has probably been hacked for a long time, and not at all by exhaustive search, but by cryptanalysis and the presence of vulnerabilities in the elliptic curves themselves.
In serious organizations, it is prohibited for use.

If in a symmetric AES system you increase the key 2 times (256 to 512), then the load on the computer will increase by about 2 times.

If you increase the key 2 times in RSA, then the load will increase by 8 times, for a key length of 1024 bits to 2048 bits.

Therefore, quantum cryptography makes no sense. There is the post-quantum AES system, and all it needs is to exchange keys without using dangerous asymmetric cryptography.

Therefore, if you have a smartphone with Wi-Fi, then no quantum Internet will help you, only post-quantum cryptography.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on December 16, 2019, 08:46:29 AM
You probably know more than me.
I know a little about quantum mechanics, and next to nothing about cryptography.

Explain how you can have a photon associated with the transmitted one, if you are not connected directly to the photon transmission channel?
And if you hold in your hand a smartphone that is connected to the Internet via 3,4,5-G, then how will you have a coupled photon?
Micius has demonstrated QKD wirelessly via satellite. There have been demonstrations using traditional fibre-optic lines, but the entangled state is more vulnerable to collapse using this approach, so satellite may be the better option.

A pair of entangled photons is generated using an interferometer, and one photon is sent to each party in the communication. If in the Micius example you can communicate with the satellite, then you can receive the photon.

They aim to have a global quantum network in place by 2030. I have no opinion on whether or not 2030 is realistic.

If in a symmetric AES system you increase the key 2 times (256 to 512), then the load on the computer will increase by about 2 times.
If you increase the key 2 times in RSA, then the load will increase by 8 times, for a key length of 1024 bits to 2048 bits.

Therefore, quantum cryptography makes no sense.
Quantum cryptography doesn't rely so much on key complexity, it relies more on quantum entanglement, and the fact that a measurement of one photon disturbs the other photon. Hacking is not possible based on the laws of quantum mechanics as we understand them.

I'm not suggesting that quantum cryptography is the only or best approach, just that work is progressing here and it's not necessarily only post-quantum cryptography that should be discussed. There have been objections to QKD itself, but again work is progressing towards better solutions - Kak's 3 stage protocol (https://en.wikipedia.org/wiki/Three-stage_quantum_cryptography_protocol) for example (basically a quantum version of double-lock):

https://www.researchgate.net/profile/Partha_Basuchowdhuri/publication/1960902/figure/fig2/AS:279938969161741@1443754059593/Kaks-three-stage-protocol.png


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Thekool1s on December 18, 2019, 04:55:48 PM
I have really learnt so much from this thread. I feel like the discussion now needs to head towards Mining: how Quantum Computers could affect mining and the decentralized aspect of cryptocurrencies. One of the things mainly agreed in this thread is that a move will be made towards a "Quantum resistant Algo", which will prevent Quantum computers from breaking private keys, but what about mining? Given that Quantum computers will be only a few in number, basically these few "companies" would become the centralized figurehead for "Cryptocurrencies". Since there won't be a mining competition, how will "cryptocurrencies" survive? Since currently, one of the reasons why people use Cryptos is their decentralized aspect.

I will give FB's Libra as an example. E.g. if FB gets their hands on one of the few early "Quantum computers" they could basically make Libra stand out because it will be the only coin with the most "hashing" power / most secure, but they could easily decide which coin lives and which dies. Basically, if Mark then wanted to mine BTCs, even after implementing the "Quantum Resistant" algos, Mark could just mine every block since he will have the most "hashing" power. I'm not familiar with how "Anti Asic" algos for mining work, but could in theory "Anti Quantum" algos be made for Mining which could prevent this Centralization?


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: QuickReview on December 18, 2019, 05:50:10 PM
I have really learnt so much from this thread. I feel like the discussion now needs to head towards Mining. How Quantum Computers could affect mining

The first quantum computers won't be able to mine Bitcoin because they will not have enough qubits to get the hash of the next block. For that task 2^128 basic quantum operations are needed. That is something for the "second generation quantum computers".
But to get the private key only 128^3 basic quantum operations are sufficient, which will be within the range of "first generation quantum computers".
https://en.bitcoin.it/wiki/Quantum_computing_and_Bitcoin

edit

The only thing that quantum computers can do is to speed up the calculation of SHA256 hashes. Even if it's faster than normal computers by a factor of thousands, the ASICs would still be way faster than quantum computers. The difficulty will rise and the network would continue as per normal.

I don't think quantum computers can speed up hashing, but anyway this is not what is meant by 'cracking' SHA256.

Concerning quantum computers and cryptography, there are two totally different aspects.

1) quantum computers, if ever they come into existence with a lot of qubits (which I personally doubt, but ok), can TOTALLY CRACK the current public key systems based on prime factorisation (RSA, Diffie-Hellman) or based upon discrete logarithms in groups (elliptic curve crypto).  The algorithm to do so is known, it is Shor's algorithm.  By TOTALLY I mean totally: just ANY key can be cracked in a matter of milliseconds, on the condition that the quantum computer has more qubits than (a few times) the key length.  If such a quantum computer exists, there is simply no difficulty in cracking the key, it doesn't take "days" or anything because the difficulty goes LOGARITHMIC with Shor's algorithm.

2) however, for hash functions, and symmetric crypto like AES-256, it can be shown that a quantum computer can AT BEST use Grover's algorithm to crack it.  Grover's algorithm doesn't entirely crack a hash function, but essentially HALVES ITS BIT STRENGTH.  So a SHA-256 hash (with 256 bits) would not require 2^256 trials like on a classical computer, but "only" 2^128 trials on a quantum computer, which is STILL IMPOSSIBLE to do practically.  Most people think that quantum computers will, if ever they exist, run much slower than classical machines, so 2^128 trials on a quantum machine will be much harder to solve than 2^128 trials on a classical machine.

So while quantum computers can speed up hash function searching, they won't crack it entirely.  The interesting thing is that under certain conditions, it has been established that Grover's algorithm is the best possible one on a quantum machine, to attack a random hash function.

==> big hash functions are still secure against quantum attacks ; most current public key crypto is totally broken by quantum attacks.

This is why it is somewhat strange, in the bitcoin protocol, to have hashed the public key to 160 bits, and not have kept the 256 bits.  If the menace of a quantum attack were the reason for this, it would have been wiser to keep the 256 bit hash as an address instead of the 160 bit RIPEMD hash, because under Grover's algorithm this would become only 80 bits secure, while the 256 bit hash would remain 128 bit secure under a quantum attack, which is the same level of *classical* security offered by the elliptic curve signature scheme - which wouldn't survive, by itself, a quantum attack.  This is one of the peculiar crypto design "features" of bitcoin...


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: gogxmagog on December 19, 2019, 10:50:55 AM
(Frequently Asked Quantum Questions)

https://faqq.info  8) ;)


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Thekool1s on December 19, 2019, 01:05:20 PM
Quote
That is something for the "second generation quantum computers".

Even if you say these will be "The Second generation of Quantum Computers", the fact remains that these will be only a few in number at first. It took decades for "Personal Computers" to roll out after the invention of the first few generations. It will be the same with Quantum Computers I believe. Just like it's mentioned in this thread, currently a below 0 degree temperature is required to run today's "Quantum Computers". So when these 2nd, 3rd or 4th, whatever generation it may be, become a reality, everybody won't have these in their basements... Only a select few will have the opportunity to work with them. What will happen to the "Decentralized" nature of the CryptoCurrencies?

I mean, if you look at companies like Bitmain, they use their ASICs first and mine the S**t out of them, driving up the hash rate. Once they are done they sell their stuff to the public. All I am saying is, will we be able to "save" the decentralized nature of Cryptocurrencies once these "Super Machines" become a reality?


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: QuickReview on December 19, 2019, 03:52:41 PM
I mean, if you look at companies like Bitmain, they use their ASICs first and mine the S**t out of them, driving up the hash rate. Once they are done they sell their stuff to the public.
Guess what some private quantum computer developers will do before maybe selling it.
I do not know why people think that Bitcoin security will stop as is and are too worried about quantum computers.  It may be a threat but I am sure Bitcoin developers will find a way to level Bitcoin's security up before that happens.
That's not an issue. Bitcoin developers already have post-quantum solutions.
But there are lots of 'shalecoins', https://bitcointalk.org/index.php?topic=5134441.0 coins with no owner. With quantum computers, these coins will become active and change the Bitcoin ecosystem.

Satoshi had already thought of quantum computers, and the possible decoding of the private keys if they became available...
His coins would be quantum secured if he sent them to P2PKH addresses. But he did not, and isn't doing so.

All I am saying is will we be able to "save" the decentralized nature of Cryptocurrencies. Once these "Super Machines" become a reality?
Yes, we will still have decentralized cryptos. It depends on us which coins will exist pre- and post-quantum. What we need is a quantum resistant signature system on the Bitcoin network now, even if we don't have to use it but it should be possible if we wanted to.

And for the "second generation quantum computers" people are already developing post SHA-hash signature systems. So we would then change to post SHA-hash signature systems before "second generation quantum computers" exist.
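As an added example (not code from this thread or from any poster): the reasoning in the two QuickReview posts above, that Shor's algorithm breaks any public key that is visible on-chain outright, while a key hidden behind a hash is only Grover-weakened (160 bits to 80, 256 bits to 128), can be turned into a small audit that classifies each output script and totals how much value is already exposed. This is Python that runs offline; the public key, hashes and outpoints are constructed placeholders, and a reused P2PKH address is counted as exposed because an earlier spend already put its public key in a scriptSig.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Tuple

# Script opcodes used by the standard output templates below (values from the Bitcoin script spec)
OP_0, OP_RETURN, OP_DUP, OP_EQUAL, OP_EQUALVERIFY, OP_HASH160, OP_CHECKSIG = (
    0x00, 0x6A, 0x76, 0x87, 0x88, 0xA9, 0xAC)


@dataclass
class ScriptReport:
    kind: str             # "p2pk", "p2pkh", "p2sh", "p2wpkh", "p2wsh" or "unknown"
    pubkey_exposed: bool  # True when the raw public key sits in the output script itself
    classical_bits: int   # work to take the coins on a classical machine (ECDLP or hash preimage)
    quantum_bits: int     # same work on a quantum machine: Shor -> 0, Grover -> half the hash width


def classify_script_pubkey(script: bytes) -> ScriptReport:
    """Map a raw scriptPubKey to its standard template and the security it gives a dormant output."""
    n = len(script)
    # P2PK: <push 33|65-byte pubkey> OP_CHECKSIG -- the key is public, so Shor recovers the private key
    if n >= 2 and script[0] in (33, 65) and n == script[0] + 2 and script[-1] == OP_CHECKSIG:
        return ScriptReport("p2pk", True, 128, 0)
    # P2PKH: OP_DUP OP_HASH160 <20 bytes> OP_EQUALVERIFY OP_CHECKSIG -- only HASH160(pubkey) is visible
    if (n == 25 and script[:3] == bytes([OP_DUP, OP_HASH160, 20])
            and script[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return ScriptReport("p2pkh", False, 160, 80)
    # P2SH: OP_HASH160 <20 bytes> OP_EQUAL -- 160-bit hash of the redeem script
    if n == 23 and script[:2] == bytes([OP_HASH160, 20]) and script[-1] == OP_EQUAL:
        return ScriptReport("p2sh", False, 160, 80)
    # P2WPKH: OP_0 <20 bytes> -- same 160-bit key hash, segwit v0 encoding
    if n == 22 and script[:2] == bytes([OP_0, 20]):
        return ScriptReport("p2wpkh", False, 160, 80)
    # P2WSH: OP_0 <32 bytes> -- SHA256 of the witness script, so Grover still leaves 128 bits
    if n == 34 and script[:2] == bytes([OP_0, 32]):
        return ScriptReport("p2wsh", False, 256, 128)
    return ScriptReport("unknown", False, 0, 0)


@dataclass
class Utxo:
    outpoint: str                 # constructed "txid:vout" placeholder, not a real transaction
    value_sat: int
    script_pubkey: bytes
    pubkey_already_revealed: bool = False  # address reuse: an earlier spend showed the pubkey on-chain


def quantum_exposure(utxos: List[Utxo]) -> Tuple[int, int, int]:
    """Split a UTXO set's value into (exposed to Shor, protected only by a hash, unknown template)."""
    exposed = hashed = unknown = 0
    for u in utxos:
        report = classify_script_pubkey(u.script_pubkey)
        if report.kind == "unknown":
            unknown += u.value_sat          # non-standard script: needs a human look
        elif report.pubkey_exposed or u.pubkey_already_revealed:
            exposed += u.value_sat          # a reused P2PKH address is as exposed as a P2PK output
        else:
            hashed += u.value_sat
    return exposed, hashed, unknown


# Constructed sample inputs (placeholder bytes, not real keys, hashes or transactions)
SAMPLE_PUBKEY = bytes([0x02]) + bytes(range(1, 33))   # 33-byte compressed-SEC-shaped placeholder
SAMPLE_HASH20 = bytes(range(20))                       # stands in for HASH160(pubkey)
SAMPLE_P2PK = bytes([33]) + SAMPLE_PUBKEY + bytes([OP_CHECKSIG])
SAMPLE_P2PKH = bytes([OP_DUP, OP_HASH160, 20]) + SAMPLE_HASH20 + bytes([OP_EQUALVERIFY, OP_CHECKSIG])
SAMPLE_P2WPKH = bytes([OP_0, 20]) + SAMPLE_HASH20
SAMPLE_P2WSH = bytes([OP_0, 32]) + hashlib.sha256(b"constructed witness script").digest()
SAMPLE_NONSTD = bytes([OP_RETURN])                     # not a spendable template
SAMPLE_UTXOS = [
    Utxo("txid-a:0", 50_0000_0000, SAMPLE_P2PK),       # early coinbase style: key in the clear
    Utxo("txid-b:1", 1_0000_0000, SAMPLE_P2PKH),
    Utxo("txid-c:0", 2_0000_0000, SAMPLE_P2PKH, pubkey_already_revealed=True),
    Utxo("txid-d:0", 3_0000_0000, SAMPLE_P2WSH),
    Utxo("txid-e:0", 5_000, SAMPLE_NONSTD),
]

if __name__ == "__main__":
    for u in SAMPLE_UTXOS:
        print(u.outpoint, classify_script_pubkey(u.script_pubkey))
    print("exposed, hashed, unknown (sat):", quantum_exposure(SAMPLE_UTXOS))
```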


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on December 21, 2019, 04:12:03 PM
You probably know more than me.
I know a little about quantum mechanics, and next to nothing about cryptography.

Explain how you can have a photon associated with the transmitted one, if you are not connected directly to the photon transmission channel?
And if you hold in your hand a smartphone that is connected to the Internet via 3,4,5-G, then how will you have a coupled photon?
Micius has demonstrated QKD wirelessly via satellite. There have been demonstrations using traditional fibre-optic lines, but the entangled state is more vulnerable to collapse using this approach, so satellite may be the better option.

A pair of entangled photons is generated using an interferometer, and one photon is sent to each party in the communication. If in the Micius example you can communicate with the satellite, then you can receive the photon.

They aim to have a global quantum network in place by 2030. I have no opinion on whether or not 2030 is realistic.

If in a symmetric AES system you increase the key 2 times (256 to 512), then the load on the computer will increase by about 2 times.
If you increase the key 2 times in RSA, then the load will increase by 8 times, for a key length of 1024 bits to 2048 bits.

Therefore, quantum cryptography makes no sense.
Quantum cryptography doesn't rely so much on key complexity, it relies more on quantum entanglement, and the fact that a measurement of one photon disturbs the other photon. Hacking is not possible based on the laws of quantum mechanics as we understand them.

I'm not suggesting that quantum cryptography is the only or best approach, just that work is progressing here and it's not necessarily only post-quantum cryptography that should be discussed. There have been objections to QKD itself, but again work is progressing towards better solutions - Kak's 3 stage protocol (https://en.wikipedia.org/wiki/Three-stage_quantum_cryptography_protocol) for example (basically a quantum version of double-lock):

https://www.researchgate.net/profile/Partha_Basuchowdhuri/publication/1960902/figure/fig2/AS:279938969161741@1443754059593/Kaks-three-stage-protocol.png
------------------
Quantum cryptography and quantum internet are photonic systems.
There are no quants there, there are quantum states of photons, such as the spin of a photon.

This is a game of words - "quantum Internet" or "quantum cryptography" - which greatly confuses its understanding by amateurs.

Let's look at the essence: photonic systems are a surrender in the face of the challenge that quantum computers have posed to modern public key cryptography.

It's like you used to have an elegant key to your house door, and now you've knocked down your door with a giant stone, counting on the thief not moving it.

That's a step back. Mankind loves these steps because they are man-made, because they create new value in the mass of new equipment, because the Internet can be made both safe and expensive.

Of course, it's the way of the monkey.
This is the path that mankind will leave behind like an old lamp TV when there is a new safe cryptography.

I support the idea that the mind always conquers power.
See if you want to make God laugh, tell him your plans...

In other words, they're systems that transmit light waves:

1) or via fiber optic cable (second half of the 20th century, soon this technology will turn 100 years old), without the possibility of wi-fi points at the end of this path;
2) or transmitting light photons by laser within line of sight.

The example you're looking at: "Micius has demonstrated QKD wirelessly via satellite" is very unhelpful for us ordinary users, but very much liked by rich and government organizations - there's plenty to write off "our" money. The monkey's way, but the rich monkey's way.

In this case, there is a problem, the receiver and the transmitter must be constantly on the same line! And that with a moving satellite!
They must be oriented strictly parallel to each other, which is very difficult to do when the source (satellite) moves at high speed on a circular trajectory.

Such an accurate mutual orientation of the quantum receiver and transmitter is similar to getting a coin from an airplane flying at an altitude of 100 thousand meters - exactly in the slot of the piggy bank, which, moreover, rotates.

"It wasn't my idea," says Wang Jianyu, QUESS Project Manager.

These and other achievements are not only very expensive, they are absolutely unacceptable for us who own devices connected to wi-fi.

This is not the side of progress that the future holds.

Especially since all these experiments were carried out successfully a long time ago, many of them no later than 1987.
But in those distant times, people still knew how to think, and this technology was postponed; it was waiting for a more appropriate time, our time.

That's your idea:
"So in quantum cryptography, it doesn't make sense.
Quantum cryptography doesn't rely so much on the complexity of the key, it relies more on the quantum complexity and the fact that measuring one photon interferes with another photon. "
- Cryptography is necessary because stealing information from this channel is not prohibited, it is just a fact that participants will know about it. In other words, this quantum (photon) cryptography does not protect the information, but on the contrary highlights it so that it can be seen with the naked eye, literally. Photons we see...

Your idea:
"There were objections to QKD itself, but again the work is moving towards better solutions, like Kak's three-stage protocol (mainly the quantum version of the double lock):"
- is a logical use of photon states, again with all the resulting disadvantages for us ordinary users: photons, fiber, direct line of sight and so on, but not wi-fi or 3,4,5,6G. That is not the way for us.

Our way is keyless cryptography and password-free authentication, my topic is here:
https://bitcointalk.org/index.php?topic=5204368.0.
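
The two positions above (Cnut237: measuring a photon disturbs it, so interception is detectable; Voland.V: QKD does not stop the theft, it only reveals it) can both be seen in a small simulation of BB84 with an intercept-resend eavesdropper. This is an added example, not code from the thread or from any participant: it models no real photons, only the rule that measuring in the wrong basis gives a random result and destroys the original state. The 11% abort threshold is the commonly cited BB84 bound and is an assumed constant here; the session sizes and seed are constructed.

```python
import random

# Constructed BB84 intercept-resend simulation (added example, not from the thread).
# Basis 0 = rectilinear (+), basis 1 = diagonal (x); bit values are 0/1.
# The only physics modelled: measuring in the wrong basis yields a uniformly
# random outcome and replaces the original state.

def measure(bit, prep_basis, meas_basis, rng):
    """Outcome of measuring a qubit prepared as `bit` in `prep_basis`."""
    if prep_basis == meas_basis:
        return bit            # correct basis: deterministic outcome
    return rng.randint(0, 1)  # wrong basis: 50/50, state is disturbed

def bb84(n_qubits, eve_present, seed=0):
    """Run one BB84 session; return sifted-key size, estimated QBER and the
    surviving key bits (before privacy amplification)."""
    rng = random.Random(seed)
    alice_bits = [rng.randint(0, 1) for _ in range(n_qubits)]
    alice_bases = [rng.randint(0, 1) for _ in range(n_qubits)]
    bob_bases = [rng.randint(0, 1) for _ in range(n_qubits)]
    bob_bits = []
    for i in range(n_qubits):
        bit, basis = alice_bits[i], alice_bases[i]
        if eve_present:
            # Intercept-resend: Eve guesses a basis, measures, and forwards a
            # fresh qubit carrying her result in the basis she guessed.
            eve_basis = rng.randint(0, 1)
            bit = measure(bit, basis, eve_basis, rng)
            basis = eve_basis
        bob_bits.append(measure(bit, basis, bob_bases[i], rng))
    # Sifting: Alice and Bob publicly compare bases and keep matching positions.
    keep = [i for i in range(n_qubits) if alice_bases[i] == bob_bases[i]]
    sifted_a = [alice_bits[i] for i in keep]
    sifted_b = [bob_bits[i] for i in keep]
    # Error estimation: sacrifice half of the sifted bits to measure the QBER.
    sample = set(rng.sample(range(len(keep)), len(keep) // 2))
    errors = sum(1 for i in sample if sifted_a[i] != sifted_b[i])
    qber = errors / len(sample)
    key_bits = [sifted_a[i] for i in range(len(keep)) if i not in sample]
    return {"sifted": len(keep), "qber": qber, "key_bits": key_bits}

# Assumed constant: the commonly cited BB84 bound above which no secure key can
# be distilled, so the defender aborts instead of using the key.
QBER_ABORT_THRESHOLD = 0.11

def key_is_trusted(qber, threshold=QBER_ABORT_THRESHOLD):
    """Decision a QKD receiver makes: keep the key only if the QBER is low."""
    return qber <= threshold

if __name__ == "__main__":
    for eve in (False, True):
        r = bb84(10000, eve_present=eve, seed=1)
        print(f"eve={eve}: sifted={r['sifted']} qber={r['qber']:.3f} "
              f"trusted={key_is_trusted(r['qber'])}")
```

Without Eve the QBER is 0 and the key is accepted; with intercept-resend it sits near 25%, far over the threshold, so the session is thrown away. Note what the simulation does not do: Eve still learns about half of the sifted bits. The protocol's guarantee is that this is detected and the key discarded, not that the photons cannot be read.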


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on December 24, 2019, 09:30:09 PM
Not only quantum computing is dangerous.

The development of illegal attack techniques on networks and the large finances of cybercrime are much more dangerous.

Although the most famous specialists put quantum computing first.

I don't agree with them.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Saidasun on December 27, 2019, 08:46:18 PM
Not only quantum computing is dangerous.

The development of illegal attack techniques on networks and the large finances of cybercrime are much more dangerous.

Although the most famous specialists put quantum computing first.

I don't agree with them.
I agree there are other bigger threats to Bitcoin than quantum computing but what are you hinting to when you say "illegal attacks"?


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on December 27, 2019, 10:11:21 PM
Not only quantum computing is dangerous.

The development of illegal attack techniques on networks and the large finances of cybercrime are much more dangerous.

Although the most famous specialists put quantum computing first.

I don't agree with them.
I agree there are other bigger threats to Bitcoin than quantum computing but what are you hinting to when you say "illegal attacks"?
----------------------------------------------
It's the complexity of machine translation, all attacks are illegal, that's right.

Including attacks on cryptography using quantum computing (using a quantum computer).

And by "more dangerous" attacks, I mean exploiting for criminal purposes the weaknesses of cryptography itself on elliptic curves.

I don't understand why some people consider it reliable while officials of special organizations categorically prohibit its use.

I do not understand why there is one cryptography for all of us, it is like household cryptography, and why there is another cryptography for special organizations and government agencies.

I don't understand why for so many years, long before the quantum computer was going to be built, so many serious people and organizations around the world have been looking for a replacement for existing encryption methods.

After all, against an attack with quantum computing, it is enough to simply increase the length of the key.

After all, a 256-bit AES key is not afraid of quantum computers (it is kept as a working mechanism for the post-quantum period) because the encryption method itself is very successful.

And cryptography on elliptical curves with any key length is not suitable.
And that is despite the fact that post-quantum cryptography with a key length of even 512,000 bits or more suits everyone!!!

So there's something wrong with ECC?


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on December 28, 2019, 07:34:17 AM
from an attack with quantum computing, it is enough to simply increase the length of the key.
No, it's not. QC processing power increases exponentially with each new qubit. This is why scaling up a QC can produce such phenomenal power.
Where a classical computer with 'n' bits can represent 'n' states, a quantum computer can represent 2^n states.
So as we increase complexity, the number of states that can be represented is as follows:
Classical: 1,2,3,4,5,6,7,8 etc
Quantum: 1,2,4,8,16,32,64,128 etc.


So there's something wrong with ECC?
Yes, there is. A QC can use Shor's algorithm to break ECC.

There is a lot of good work being done in post-quantum cryptography, as we've covered previously:

  • Modify the PoW system such that QCs don’t have any advantage over classical computers. Defending PoW is not as important as defending signatures (as above), because PoW is less vulnerable. However various approaches that can protect PoW against QCs are under development, such as Cuckoo Cycle (https://hackernoon.com/wtf-is-cuckoo-cycle-pow-algorithm-that-attract-projects-like-cortex-and-grin-ad1ff96effa9), Momentum (http://www.hashcash.org/papers/momentum.pdf) and Equihash (https://en.wikipedia.org/wiki/Equihash).
  • Modify the signature system to prevent easy derivation of private keys. Again, various approaches are under development, which use some pretty esoteric maths. There are hash-based approaches such as XMSS and SPHINCS (https://cryptoservices.github.io/quantum/2015/12/08/XMSS-and-SPHINCS.html), but more promising (as far as I can tell) are the lattice-based (https://en.wikipedia.org/wiki/Lattice-based_cryptography) approaches such as Dilithium (https://pq-crystals.org/dilithium/), which I think is already used by Komodo.

... and I do think that many of these approaches look promising. My main concern is that post-quantum-cryptography solutions are based merely on being very difficult to hack, whereas quantum-cryptography is in theory fundamentally unhackable due to the immutable physical laws of quantum mechanics.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on December 28, 2019, 12:45:11 PM
from an attack with quantum computing, it is enough to simply increase the length of the key.
No, it's not. QC processing power increases exponentially with each new qubit. This is why scaling up a QC can produce such phenomenal power.
Where a classical computer with 'n' bits can represent 'n' states, a quantum computer can represent 2^n states.
So as we increase complexity, the number of states that can be represented is as follows:
Classical: 1,2,3,4,5,6,7,8 etc
Quantum: 1,2,4,8,16,32,64,128 etc.


So there's something wrong with ECC?
Yes, there is. A QC can use Shor's algorithm to break ECC.

There is a lot of good work being done in post-quantum cryptography, as we've covered previously:

  • Modify the PoW system such that QCs don’t have any advantage over classical computers. Defending PoW is not as important as defending signatures (as above), because PoW is less vulnerable. However various approaches that can protect PoW against QCs are under development, such as Cuckoo Cycle (https://hackernoon.com/wtf-is-cuckoo-cycle-pow-algorithm-that-attract-projects-like-cortex-and-grin-ad1ff96effa9), Momentum (http://www.hashcash.org/papers/momentum.pdf) and Equihash (https://en.wikipedia.org/wiki/Equihash).
  • Modify the signature system to prevent easy derivation of private keys. Again, various approaches are under development, which use some pretty esoteric maths. There are hash-based approaches such as XMSS and SPHINCS (https://cryptoservices.github.io/quantum/2015/12/08/XMSS-and-SPHINCS.html), but more promising (as far as I can tell) are the lattice-based (https://en.wikipedia.org/wiki/Lattice-based_cryptography) approaches such as Dilithium (https://pq-crystals.org/dilithium/), which I think is already used by Komodo.

... and I do think that many of these approaches look promising. My main concern is that post-quantum-cryptography solutions are based merely on being very difficult to hack, whereas quantum-cryptography is in theory fundamentally unhackable due to the immutable physical laws of quantum mechanics.
----------------------
In my opinion, post quantum cryptography should not be confused with cryptography based on the mutual relation of quantum states of photons.
Post-quantum cryptography uses mathematical coding methods.
Physical laws of the quantum world are used in quantum cryptography.

Post quantum systems, most of them, were developed 10-20 years ago. Some of them are new, developed recently. But they're all based on mathematics.

They should not be confused with related quantum states, it's a completely different approach to the problem.

We are not interested in quantum cryptography, it is not our level, it is not intended for ordinary users.
And it's not even planned for us.

It's post quantum mathematical cryptography that we are planning.

You are very mistaken about the length of the key if you think that a quantum computer can solve the problem of a complete search for a key only 256 bits long. No quantum computer can do that. That's why the AES-256 remains a post quantum system.

If cryptography on elliptical curves, as well as any other cryptography with a public and private key, were reliable and everything depended only on the length of the key, then mankind would not be searching for post-quantum systems.

Moreover, a large number of cryptographic systems that were candidates for post quantum encryption systems were not cracked by quantum computers, but by good old cryptanalysis, mathematical methods.

A 256-bit AES key that cannot be broken by exhaustive search corresponds to a 15300-16400-bit key in RSA. If it were only about the speed of quantum computing, you could use RSA with a key length of 16400 bits or more, or cryptography on elliptical curves (ECC) with a length of 512 bits.

Instead, AES-256 with only 256 bits of key is definitely left (it's a symmetric system), but all our asymmetric systems (including RSA and ECC) are not.

Moreover, 5 years ago they were forbidden for use with serious secrets, and that is only what has already leaked to the press.
Neither ECC nor RSA was ever used in serious cases 10 years ago.
Details here, post dated December 04, see:
https://bitcointalk.org/index.php?topic=5204368.0.

Therefore, there is only one conclusion: all modern asymmetric systems with a pair of public and private keys are unsuitable with any key length, precisely because they are weak, but the details of this circumstance are not disclosed and few people know them.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on December 28, 2019, 04:06:26 PM
In my opinion, post quantum cryptography should not be confused with cryptography based on the mutual relation of quantum states of photons.
Post-quantum cryptography uses mathematical coding methods.
Physical laws of the quantum world are used in quantum cryptography.

Post quantum systems, most of them, were developed 10-20 years ago. Some of them are new, developed recently. But they're all based on mathematics.

They should not be confused with related quantum states, it's a completely different approach to the problem.
I agree, and I'm well aware of the distinction. Post-quantum cryptography and quantum cryptography are completely different things. It's unfortunate that they have such similar names!


We are not interested in quantum cryptography, it is not our level, it is not intended for ordinary users.
And it's not even planned for us.

It's post quantum mathematical cryptography that we are planning.
Not sure I agree with this point. I would contend, as I have previously, that work in quantum cryptography is progressing at pace and whilst there are technical issues to overcome, it does potentially offer a fundamentally unhackable solution to quantum attacks, and one which can be used in the mainstream. Having said that, of course post-quantum cryptography is hugely important as well, and work is progressing there, too. There's no need to focus on just the one approach, though, and dismiss the other.


You are very mistaken about the length of the key if you think that a quantum computer can solve the problem of a complete search for a key only 256 bits long. No quantum computer can do that. That's why the AES-256 remains a post quantum system.
I think we agree, but are coming at this from different angles. An increase in key length is trivial to overcome if we're talking about asymmetric cryptography, where a quantum computer can apply Shor's algorithm. But as you state below, AES-256 is symmetric.


AES-256 with only 256 bits of key is definitely left (it's a symmetric system), but all our asymmetric systems (including RSA and ECC) are not.
AES-256 security may be fine currently, it may be resistant to the best current attack (Grover search), but that's my point. Quantum cryptography uses the laws of quantum mechanics to make a system absolutely unhackable for all time, whereas post-quantum cryptography makes a system secure against current attacks, with no guarantee of security against future technology or future algorithms.

If AES-256 can beat Grover, what about other approaches? Quantum Square Attacks? Biclique Attacks (https://en.wikipedia.org/wiki/Biclique_attack)? How about all mathematical attacks that haven't yet been devised?

I'm being flippant, and I do agree that there is certainly a chance that a post-quantum cryptography solution will remain forever secure, but we can't know for certain. My point is merely that we should investigate both quantum cryptography and post-quantum cryptography. It seems wasteful to focus solely on one approach.

I value the discussion immensely, by the way - thank you :)
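
The Grover point made in the exchange above (AES-256 survives because Grover only halves the effective key size, whereas Shor breaks ECC and RSA outright) can be checked on a toy search space. This is an added example, not code from the thread or from any participant: it simulates Grover's algorithm on a 2^n-entry state vector with plain Python lists, so the item count, the marked index and the key sizes are constructed inputs, and no real key search is involved.

```python
import math

# Constructed Grover's-search simulation (added example, not from the thread).
# The state vector has 2**n amplitudes; real amplitudes suffice because the
# oracle and diffusion operators used here are real.

def grover_search(n_qubits, marked, iterations=None):
    """Simulate Grover's algorithm looking for index `marked` among 2**n_qubits items.
    Returns (iterations used, probability that a measurement yields `marked`)."""
    n_items = 2 ** n_qubits
    if iterations is None:
        # Optimal count is about (pi/4) * sqrt(N); more than that over-rotates.
        iterations = round(math.pi / 4 * math.sqrt(n_items))
    amp = [1 / math.sqrt(n_items)] * n_items  # uniform superposition after Hadamards
    for _ in range(iterations):
        amp[marked] = -amp[marked]             # oracle: phase-flip the marked item
        mean = sum(amp) / n_items
        amp = [2 * mean - a for a in amp]      # diffusion: inversion about the mean
    return iterations, amp[marked] ** 2

def classical_expected_queries(n_qubits):
    """Exhaustive classical search needs on average N/2 oracle queries."""
    return 2 ** n_qubits / 2

def grover_effective_security_bits(key_bits):
    """Grover turns a k-bit symmetric key into roughly k/2 bits of quantum security:
    AES-128 -> ~64 bits, AES-256 -> ~128 bits, which is why AES-256 is kept."""
    return key_bits / 2

if __name__ == "__main__":
    for n in (4, 8, 10):
        it, p = grover_search(n, marked=5)
        print(f"n={n}: {it} Grover iterations vs {classical_expected_queries(n):.0f} "
              f"classical queries on average, P(success)={p:.3f}")
    it, p = grover_search(4, marked=5, iterations=6)
    print(f"over-rotated (6 iterations on 16 items): P(success)={p:.3f}")
    print("AES-256 under Grover ~", grover_effective_security_bits(256), "bits")
```

The iteration count grows like sqrt(N), not like log(N): for 256 items the simulation needs 13 oracle calls against 128 classical ones on average, which is a quadratic gain, not an exponential one. Running past the optimal count makes the success probability fall again, which is why a Grover attack on a real key would still need about 2^128 steps for AES-256 and cannot be sped up by simply looping longer.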


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on December 28, 2019, 08:34:03 PM
In my opinion, post quantum cryptography should not be confused with cryptography based on the mutual relation of quantum states of photons.
Post-quantum cryptography uses mathematical coding methods.
Physical laws of the quantum world are used in quantum cryptography.

Post quantum systems, most of them, were developed 10-20 years ago. Some of them are new, developed recently. But they're all based on mathematics.

They should not be confused with related quantum states, it's a completely different approach to the problem.
I agree, and I'm well aware of the distinction. Post-quantum cryptography and quantum cryptography are completely different things. It's unfortunate that they have such similar names!


We are not interested in quantum cryptography, it is not our level, it is not intended for ordinary users.
And it's not even planned for us.

It's post quantum mathematical cryptography that we are planning.
Not sure I agree with this point. I would contend, as I have previously, that work in quantum cryptography is progressing at pace and whilst there are technical issues to overcome, it does potentially offer a fundamentally unhackable solution to quantum attacks, and one which can be used in the mainstream. Having said that, of course post-quantum cryptography is hugely important as well, and work is progressing there, too. There's no need to focus on just the one approach, though, and dismiss the other.


You are very mistaken about the length of the key if you think that a quantum computer can solve the problem of a complete search for a key only 256 bits long. No quantum computer can do that. That's why the AES-256 remains a post quantum system.
I think we agree, but are coming at this from different angles. An increase in key length is trivial to overcome if we're talking about asymmetric cryptography, where a quantum computer can apply Shor's algorithm. But as you state below, AES-256 is symmetric.


AES-256 with only 256 bits of key is definitely left (it's a symmetric system), but all our asymmetric systems (including RSA and ECC) are not.
AES-256 security may be fine currently, it may be resistant to the best current attack (Grover search), but that's my point. Quantum cryptography uses the laws of quantum mechanics to make a system absolutely unhackable for all time, whereas post-quantum cryptography makes a system secure against current attacks, with no guarantee of security against future technology or future algorithms.

If AES-256 can beat Grover, what about other approaches? Quantum Square Attacks? Biclique Attacks (https://en.wikipedia.org/wiki/Biclique_attack)? How about all mathematical attacks that haven't yet been devised?

I'm being flippant, and I do agree that there is certainly a chance that a post-quantum cryptography solution will remain forever secure, but we can't know for certain. My point is merely that we should investigate both quantum cryptography and post-quantum cryptography. It seems wasteful to focus solely on one approach.

I value the discussion immensely, by the way - thank you :)
---------------------
Dear opponent!
This is the first high-quality discussion with my participation. I am very pleased that there are interesting interlocutors on this business cryptographic platform.

When I wrote my posts on this topic, I thought that superficial knowledge was more successful than deeper knowledge.

But after reading your post, I realized that I was wrong.

But you know, I read a lot of opinions on "what cryptography we will need".

Of course, quantum cryptography is a technical, scientific, technological step forward. Although, in fact, nothing new is observed from the knowledge that we had 40 years ago.

Let me tell you something else. Quantum cryptography, not only in my opinion, is a big, powerful mechanism that needs to lift a big load. The simple, not tricky, engineer's reasoning is this:
- if the load is 10 times heavier, then you need a crane 10 times more powerful. Crowbar against crowbar. It works. It's convincing. But it's not exactly an engineering approach, I think. It's force versus force.

I'm a supporter of beautiful engineering, I'm a supporter of ingenuity and cunning, intelligence and innovation - and against brute force.

For this reason, I don't like the solution of the problem with quantum cryptography, but I'd really like the solution with post quantum mathematical, logical, unusual solutions.

No matter how actively quantum encryption methods are developed, if a solution is found in the direction of post quantum (mathematical) cryptography, this solution will be cheaper, simpler, more elegant, more attractive, and will have a much greater commercial success than physical quantum cryptography.

Especially since quantum methods (actually old photonic systems, but words are always ahead of the curve, it's the golden law of advertising) plan to be used as a transport protocol, not as encryption itself.
Or as an encryption key exchange system for reliable mathematical symmetric encryption systems.
As a replacement for cryptography with a pair of public and private keys.
No more than that.
Especially since quantum cryptography is ABSOLUTELY not protected from information theft. It simply informs the recipient how much information is lost, but does not protect against theft!!!

Unlike some post quantum (mathematical) encryption systems.

Weighing all of the above, I am in favor of a future dominated by post quantum cryptographic systems, not quantum cryptography.
 
Otherwise, it is the surrender of progressive human thought to brute physical force.

And if you look even deeper, I am a supporter of new geometric principles of encryption, without a key, and principles of new authentication without a password.
It's my theme:
https://bitcointalk.org/index.php?topic=5204368.0.
and
https://bitcointalk.org/index.php?topic=5209297.0


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on January 02, 2020, 01:40:40 PM
23 December: The first demonstration of chip-to-chip quantum teleportation has been achieved. (https://www.bristol.ac.uk/news/2019/december/quantum-teleportation.html)

A team at Bristol University have been able to use quantum entanglement to transmit information (4 qubits) between two silicon computer chips, and they have achieved fidelity of 91%, which is very encouraging. Even more encouraging, the functionality that was demonstrated included entanglement swapping (https://journals.aps.org/prl/abstract/10.1103/PhysRevLett.123.160501) and four-photon Greenberger-Horne-Zeilinger entanglement (https://www.nature.com/articles/s41566-018-0257-6), which are important requirements for the establishment of future quantum networks.

This is the instant, fundamentally unhackable data transfer that I've mentioned in previous posts (see here (https://bitcointalk.org/index.php?topic=5157696.msg53335061#msg53335061) for a very simple overview of how entanglement works). There is no reliance on the esoteric cryptographic protocols of PQC that may or may not be broken in future, but rather a simpler dependency on the basic laws of quantum mechanics.

Admittedly the experiment was done with expensive specialised equipment, but it is early days, and there is no reason in theory why in future quantum cryptography using entanglement can't become a secure communications standard used by everyday users on cheap, mass-produced hardware.

https://scx2.b-cdn.net/gfx/news/2019/firstchiptoc.jpg


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on January 08, 2020, 10:47:11 PM
23 December: The first demonstration of chip-to-chip quantum teleportation has been achieved. (https://www.bristol.ac.uk/news/2019/december/quantum-teleportation.html)

A team at Bristol University have been able to use quantum entanglement to transmit information (4 qubits) between two silicon computer chips, and they have achieved fidelity of 91%, which is very encouraging. Even more encouraging, the functionality that was demonstrated included entanglement swapping (https://journals.aps.org/prl/abstract/10.1103/PhysRevLett.123.160501) and four-photon Greenberger-Horne-Zeilinger entanglement (https://www.nature.com/articles/s41566-018-0257-6), which are important requirements for the establishment of future quantum networks.

This is the instant, fundamentally unhackable data transfer that I've mentioned in previous posts (see here (https://bitcointalk.org/index.php?topic=5157696.msg53335061#msg53335061) for a very simple overview of how entanglement works). There is no reliance on the esoteric cryptographic protocols of PQC that may or may not be broken in future, but rather a simpler dependency on the basic laws of quantum mechanics.

Admittedly the experiment was done with expensive specialised equipment, but it is early days, and there is no reason in theory why in future quantum cryptography using entanglement can't become a secure communications standard used by everyday users on cheap, mass-produced hardware.

https://scx2.b-cdn.net/gfx/news/2019/firstchiptoc.jpg
----------------------
Transmission from one chip to another is quantum entanglement, it's always the transmission of photons.
They transfer photons between chips.
At a very, very short distance, it seems to be within a centimeter. It's a normal waveguide. That's it.
 
It's a path to the photonic Internet, not quantum networks. No one's dealing with quanta networks. It's a mix-up.
They're dealing with quantum states of photons. It's technology of the future, but not ours.
Hardly anyone would make you give up your favorite smartphone with a wi-fi or 3.4.5.6G internet and sit behind a stationary device.

Without post-quantum mathematical (not quantum) cryptography, which encrypts on an ordinary smartphone or computer (not a quantum computer), no one will manage. Neither an ordinary user nor a VIP.

It's just science. It won't make the world safe, even if it works tomorrow.
We're being given another illusion.
These successful experiments are needed for secure communication between government and large corporations.

What do you and I need it for?
A network based on ordinary light rays, photons of light?

It's a mistaken and commercial distortion of reality to call it "quantum networks". It sounds beautiful, but it's not true, it's expensive and stupid.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: tromp on January 09, 2020, 11:53:41 AM
> I know how to calculate the genesis private key

Sign the message "i no money" with said key as proof of knowledge, or take your scam elsewhere.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on January 09, 2020, 02:29:09 PM
It's a path to the photonic Internet, not quantum networks. No one's dealing with quanta networks. It's a mix-up.
They're dealing with quantum states of photons. It's technology of the future, but not ours.
Hardly anyone would make you give up your favorite smartphone with a wi-fi or 3.4.5.6G internet and sit behind a stationary device.

What do you and I need it for?
A network based on ordinary light rays, photons of light?

It's a mistaken and commercial distortion of reality to call it "quantum networks". It sounds beautiful, but it's not true, it's expensive and stupid.

A quantum internet (with its unhackable absolute security) isn't a complete replacement for the internet we have now, in the same way that quantum computers aren't a replacement for classical computers.

The team at Delft whom I've referenced before have devised a six-stage roadmap (below). A quantum internet can be built incrementally on top of what we already have, with different levels of functionality at each stage.

Quote
SIX STEPS TO A QUANTUM INTERNET

0 Trusted-node network: Users can receive quantum-generated codes but cannot send or receive quantum states. Any two end users can share an encryption key (but the service provider will know it, too).

1 Prepare and measure: End users receive and measure quantum states (but the quantum phenomenon of entanglement is not necessarily involved). Two end users can share a private key only they know. Also, users can have their password verified without revealing it.

2 Entanglement distribution networks: Any two end users can obtain entangled states (but not to store them). These provide the strongest quantum encryption possible.

3 Quantum memory networks: Any two end users can obtain and store entangled qubits (the quantum unit of information), and can teleport quantum information to each other. The networks enable cloud quantum computing.

4 & 5 Quantum computing networks: The devices on the network are full-fledged quantum computers (able to do error correction on data transfers). These stages would enable various degrees of distributed quantum computing and quantum sensors, with applications to science experiments.


So stage 0 is kind of a pre-cursor to a quantum internet, where the only quantum activity is undertaken by the ISP. The quantum cryptographic key is created, but the ISP is like a trusted node. This stage is already live in parts of China (https://www.insidescience.org/news/china-leader-quantum-communications).

In stage 1 the quantum key is generated by the sender, so it is truly encrypted, with no middle-man. This has already been tested successfully as I mentioned above with Micius (https://www.nature.com/news/china-s-quantum-satellite-clears-major-hurdle-on-way-to-ultrasecure-communications-1.22142) (China again).

I am happy to concede that there is a huge amount of work required to progress to the end of the roadmap, quantum repeaters being just one example, but the direction of travel is encouraging.

A functioning and useful quantum internet won't need a massive expensive multi-qubit quantum computer in every home at all, but simply a means of transmitting and receiving quantum information. IBM has already had a simple quantum computer in the cloud since 2016 (http://faculty.fairfield.edu/cbernhardt/TasteQuantumComputing.pdf).



Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: 2020quantumdecade on January 09, 2020, 03:08:52 PM
Hello, I know how to calculate..
https://b.radikal.ru/b24/2001/08/12c85c1e3d36.jpg (http://www.radikal.ru)

We also know how to calculate it
https://en.wikipedia.org/wiki/Shor's_algorithm
but we don't have the device. Not yet, but soon, this decade.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on January 09, 2020, 07:40:01 PM

SIX STEPS TO A QUANTUM INTERNET

0 Trusted-node network: Users can receive quantum-generated codes but cannot send or receive quantum states. Any two end users can share an encryption key (but the service provider will know it, too).

1 Prepare and measure: End users receive and measure quantum states (but the quantum phenomenon of entanglement is not necessarily involved). Two end users can share a private key only they know. Also, users can have their password verified without revealing it.

2 Entanglement distribution networks: Any two end users can obtain entangled states (but not to store them). These provide the strongest quantum encryption possible.

3 Quantum memory networks: Any two end users can obtain and store entangled qubits (the quantum unit of information), and can teleport quantum information to each other. The networks enable cloud quantum computing.

4 & 5 Quantum computing networks: The devices on the network are full-fledged quantum computers (able to do error correction on data transfers). These stages would enable various degrees of distributed quantum computing and quantum sensors, with applications to science experiments.


So stage 0 is kind of a precursor to a quantum internet, where the only quantum activity is undertaken by the ISP. The quantum cryptographic key is created, but the ISP is like a trusted node. This stage is already live in parts of China (https://www.insidescience.org/news/china-leader-quantum-communications).

In stage 1 the quantum key is generated by the sender, so it is truly encrypted, with no middle-man. This has already been tested successfully as I mentioned above with Micius (https://www.nature.com/news/china-s-quantum-satellite-clears-major-hurdle-on-way-to-ultrasecure-communications-1.22142) (China again).

I am happy to concede that there is a huge amount of work required to progress to the end of the roadmap, quantum repeaters being just one example, but the direction of travel is encouraging.

A functioning and useful quantum internet won't need a massive expensive multi-qubit quantum computer in every home at all, but simply a means of transmitting and receiving quantum information. IBM has already had a simple quantum computer in the cloud since 2016 (http://faculty.fairfield.edu/cbernhardt/TasteQuantumComputing.pdf).


----------------------
Yes, I agree with your conclusions, it's all true.
But this is good for the part of the network that is far from the end user, the backbone part of the network.
In this part of the network, indeed, any change in information will be impossible.

I am for progress, for everything technological, especially when the laws of physics are the basis of these innovations.
But I draw conclusions, I watch intentions diverge from reality.
How loud promises actually turn into advertising tricks.

Let's find out where we are most often attacked, as of today. Among other things, I am talking about the most dangerous attack - the "man in the middle" technique.
Most often it is not carried out on a segment of the network remote from us.
I think that from what I have learned, the most common places to attack are those that are close to the user: routers, other network access points, the end devices themselves.

The quantum (photon) Internet offered to us does not solve anything against these threats aimed at the end user at the attack points listed above.

Modern protocols, based on modern cryptography, provide everything you expect from the "quantum Internet", except one thing - discreet copying of information, eavesdropping on your channel.

But this danger is solved by reliable cryptography, methods that are simpler and smarter than the mass of new equipment for the transmission of linked photons (quantum Internet).

If you are subject to a competent attack, information, any, before the Internet, before encryption, will be stolen invisibly directly from your devices, not from the backbone networks of the Internet.
All scammers and criminals working for governments are looking for easy ways to get information.

For example, fresh information, all Samsung devices are secretly spying on their users, on the government of China, not the government of South Korea. You see what a serious approach to espionage is. How will the quantum internet save you?

I think that all such technologies, except the quantum computer, are of scientific interest and will only be prepared for commercial success.

We need a good secret communication channel, which should be protected by post quantum cryptography. Cheap, reliable, affordable way.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on January 09, 2020, 08:05:17 PM
Hello, I know how to calculate..
https://b.radikal.ru/b24/2001/08/12c85c1e3d36.jpg (http://www.radikal.ru)

We also know how to calculate it
https://en.wikipedia.org/wiki/Shor's_algorithm
but we don't have the device. Not yet, but soon, this decade.
----------------------
How cryptanalysis works, especially against asymmetric encryption systems, will not be written to you on the Internet, let alone on Wikipedia.  It's a mystery that cryptanalysis is all about.

The life and work of cryptanalysts is classified. Even their families don't know what they do, the results of their work are so important.

If they did not work well, asymmetric cryptography would be solved for serious questions. But it's not allowed.

Why is that?

Because it's used by those in power, and it's not written on public bulletin boards.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on February 12, 2020, 08:29:41 AM
There has been a potentially important advance in qubit stability, published yesterday in Nature (https://www.nature.com/articles/s41467-019-14053-w).

Anyone with a passing interest knows that maintaining the qubit state is a big problem in quantum computing. The quantum system is quite fragile, and any interaction with the wider environment can cause the state to decohere (decoherence (https://en.wikipedia.org/wiki/Quantum_decoherence) meaning not actual wave function collapse, but rather the leaking of information across the boundary between the quantum system and its surroundings).

There have been various attempts in the past to increase stability, some (such as magnetic containment) being more successful than others.

The new experiment from the University of New South Wales uses quantum dots rather than normal silicon atoms, and they've built artificial atoms around these quantum dots - it's this approach that has increased the stability hugely.

The problem with 'traditional' (I say traditional, but really QC is all quite new!) devices built on silicon atoms is that there are always atomic imperfections, which disrupt the qubits and lead to a high chance of decoherence. This new experiment removes the atomic nucleus entirely, and instead applies a voltage to pull in spare electrons to orbit the dot. This is then repeated until the inner electron shells have formed. So instead of a normal atom, with a nucleus surrounded by spherical electron shells, you end up with a quantum dot surrounded by flat 2D circular electron shells. So they are mimicking the atomic structure but doing away with the messy nuclear stuff so it's essentially just clean shells around the dot.

This done, the key step is to build up the complete inner shells and then add one more electron to the next outer shell. This is a bit like painting multiple coats on a wall, you build up the thickness to smooth everything out. Complete shells always sum to zero, but the added electron in the incomplete outer shell can be used for the spin measurement for the qubit.

Basically it's a variant of the standard approach that removes the problem of atomic imperfections, and then improves stability further by building complete orbital electron shells beneath the final electron.

Apologies if this is either too technical or not technical enough, it's difficult to strike a balance, and as always with QC it can be a challenge to make sure you've understood everything correctly - I think I have, but please let me know if I've made some false connections here.

Anyway, it's an interesting approach and could end up being quite an important marker on the road towards stable large-scale QC production.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: 2ndGENQC on February 13, 2020, 03:59:50 PM
And for the "second generation quantum computers" people are already developing post SHA-hash signature systems. So we would then change to post SHA-hash signature systems before "second generation quantum computers" exist.

The development of "second generation quantum computers" will bring the most exciting times, hashing will be history. We will make all "lost" coins active.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on February 24, 2020, 09:54:39 AM
the most exciting times, hashing will be history. We will make all "lost" coins active.

"Exciting times" brings to mind the Chinese curse of living in interesting times.

Lost coins on the chain will indeed be vulnerable to QCs as these are the ones that won't be moved to quantum-safe addresses following a bitcoin upgrade. Making these coins available for theft by QCs could be terrible for bitcoin's price, but more so for faith in crypto as a whole, similarly if anything not moved was burned to prevent theft by QCs. There's no easy answer here.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: qubitasic on February 27, 2020, 03:06:14 PM
Re: I don't believe Quantum Computing will ever threaten Bitcoin

McAfee’s chief technology officer: Start protecting against quantum computing hacks now
https://venturebeat.com/2020/02/25/mcafee-start-protecting-against-quantum-computing-hacks-now/
McAfee’s chief technology officer warned that it’s time for companies to start worrying about quantum computing attacks that can break common forms of encryption available today, even if quantum computing isn’t going to be practical for a while.
Grobman said: "Now I know what you are thinking: Quantum is not coming anytime soon. But we can't think of quantum in terms of eventually or tomorrow."
"We need quantum-resistant algorithms as soon as possible," Grobman said.



Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on March 10, 2020, 05:31:25 AM
Re: I don't believe Quantum Computing will ever threaten Bitcoin

McAfee’s chief technology officer: Start protecting against quantum computing hacks now
https://venturebeat.com/2020/02/25/mcafee-start-protecting-against-quantum-computing-hacks-now/
McAfee’s chief technology officer warned that it’s time for companies to start worrying about quantum computing attacks that can break common forms of encryption available today, even if quantum computing isn’t going to be practical for a while.
Grobman said: "Now I know what you are thinking: Quantum is not coming anytime soon. But we can't think of quantum in terms of eventually or tomorrow."
"We need quantum-resistant algorithms as soon as possible," Grobman said.

-------------------------------------
What exactly are the dangers of quantum computing?
It's very simple.
I'm talking about the global, the danger to a lot of people, not to private cases.

All protection protocols, I'm talking about cryptographic methods of protection, are built on one principle:
1. Asymmetric cryptography is the first step in any protocol to agree on a common session key for symmetric cryptography.
2. The second step is symmetric cryptography encryption, where secrets are encrypted securely (AES).

Why is a quantum computer that will only work in the distant future dangerous today?

Because all of our encrypted messages are stored.
Details:
- encrypted traffic that is very interesting is stored many times over; it is the communication between the interesting and big people of our time;
- all other messages are also stored, just in case, they can be interesting, probably.

Now, how the quantum cheaters will work:
1) they will only crack the first stage of the encryption protocol - only asymmetric cryptography, where the shared session encryption key was encrypted. That's it.
2) They use the resulting key to quietly read the AES cipher, the second step of the encryption protocol.

And now, everything falls into place: AES-256, the symmetric system, is not cracked, and RSA (with any length of key) or ECC (with any length of key), the asymmetric system is cracked without a doubt, even by very weak, first quantum computers.

That's why everyone is so concerned, that's why post quantum asymmetric encryption systems are already needed.

Yes, not all people encrypt good messages, there are so many that lead two lives at once and one of those lives is very bad.
But the bad thing is to read and decide what's bad and what's good will be guys with the same questionable reputation as the first ones.

Here is the real vulnerability of all the key encryption methods: everything secret, sooner or later, becomes known and not secret.

New keyless encryption systems are completely free of this vulnerability.
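
The two-step protocol and the "store now, read later" argument above, as an added toy model (not code from the thread). Step 1 is a Diffie-Hellman style agreement standing in for RSA/ECC over a deliberately tiny group, so a classical baby-step giant-step search plays the role the post gives to a future quantum computer; step 2 uses an HMAC-SHA256 keystream as a stand-in for AES (the standard library has none). The prime, generator, messages and the "extra secret" (the role a post-quantum key exchange would play, not implemented here) are all constructed for the example.

```python
"""Harvest-now-decrypt-later against a two-step protocol (constructed toy model)."""
import hashlib
import hmac
import math
import secrets

P = 2_147_483_647   # 2^31 - 1, constructed toy group; real deployments use 2048-bit DH or curves
G = 7               # generator for the toy group


def kdf(*parts: bytes) -> bytes:
    """Derive the session key from the agreed secret (and any extra key share)."""
    return hashlib.sha256(b"".join(parts)).digest()


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with an HMAC counter keystream. Stand-in for AES-256;
    the symmetric layer is never attacked below, matching the post's argument."""
    out = bytearray()
    for ctr in range(-(-len(data) // 32)):
        out += hmac.new(key, ctr.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(d ^ k for d, k in zip(data, out))


def session(plaintext: bytes, extra_secret: bytes = b"") -> dict:
    """Run one protocol session and return only what a passive recorder sees on the wire.
    extra_secret models a key share that the recorded transcript does not reveal
    (placeholder for a post-quantum key exchange; not implemented here)."""
    a = secrets.randbelow(P - 2) + 1
    b = secrets.randbelow(P - 2) + 1
    pub_a, pub_b = pow(G, a, P), pow(G, b, P)       # step 1: asymmetric agreement
    shared = pow(pub_b, a, P)
    assert shared == pow(pub_a, b, P)
    key = kdf(shared.to_bytes(4, "big"), extra_secret)
    return {"pub_a": pub_a, "pub_b": pub_b, "ct": stream_xor(key, plaintext)}  # step 2


def discrete_log(h: int) -> int:
    """Baby-step giant-step: x with G^x = h (mod P). Feasible only because P is tiny;
    on a real curve this is the step that needs Shor's algorithm."""
    m = math.isqrt(P - 1) + 1
    table = {}
    cur = 1
    for j in range(m):                 # baby steps: G^j
        table.setdefault(cur, j)
        cur = cur * G % P
    factor = pow(G, -m, P)             # G^(-m), modular inverse (Python 3.8+)
    gamma = h
    for i in range(m):                 # giant steps: h * G^(-i*m)
        if gamma in table:
            return i * m + table[gamma]
        gamma = gamma * factor % P
    raise ValueError("no discrete log found")


def decrypt_stored_transcript(t: dict) -> bytes:
    """The recorder's later attack: break only the asymmetric step, rebuild the session
    key from the stored public values, then read the symmetric layer with it."""
    a = discrete_log(t["pub_a"])
    shared = pow(t["pub_b"], a, P)
    return stream_xor(kdf(shared.to_bytes(4, "big")), t["ct"])


if __name__ == "__main__":
    msg = b"constructed sample message: board minutes, do not forward"
    plain = session(msg)                                   # DH only
    hybrid = session(msg, extra_secret=b"pq-share-placeholder")
    print("DH-only transcript recovered:", decrypt_stored_transcript(plain) == msg)
    print("hybrid transcript recovered: ", decrypt_stored_transcript(hybrid) == msg)
```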


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: fabiorem on March 10, 2020, 07:37:39 PM
I don't believe anymore that quantum computing exists. It looks more like a fancy showdown to scare people.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Ryutaro on March 10, 2020, 08:39:49 PM
I don't believe anymore that quantum computing exists. It looks more like a fancy showdown to scare people.


there already exist several working ones (Google Sycamore, D-Wave, IBM Q...) and they are continuously being improved. Companies like D-Wave succeeded in using quantum computing to solve real-world problems such as minimizing error in a voice recognition system, controlling risk in a financial portfolio, or reducing energy loss in an electrical grid. source (https://www.dwavesys.com/sites/default/files/D-Wave%202X%20Tech%20Collateral_0915F.pdf)

also, leading countries from all over the world are investing insane amounts of money in quantum computing research for obvious reasons to get their hands on this new monster.

IBM (https://quantum-computing.ibm.com/login) is already offering free limited access to their systems, you can now create an account and try your quantum circuits and run them on their quantum computers plus they are offering step by step guides and tutorials.

https://i.imgur.com/fTOP5an.png (https://www.google.com/imgres?imgurl=http%3A%2F%2Fcdn.static-economist.com%2Fsites%2Fdefault%2Ffiles%2Fexternal%2Ftq2017%2Fcharts%2F20170311_01_DESKTOP.png&imgrefurl=http%3A%2F%2Fwww.economist.com%2Fnews%2Fessays%2F21717782-quantum-technology-beginning-come-its-own&tbnid=uB2HX67OPzmvtM&vet=12ahUKEwjijd-v3pDoAhXYw4UKHZEkC2IQMygEegUIARDXAQ..i&docid=2-G1Znb4vgWneM&w=1190&h=699&q=annual%20spending%20on%20quantum%20computing&ved=2ahUKEwjijd-v3pDoAhXYw4UKHZEkC2IQMygEegUIARDXAQ)


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on March 13, 2020, 02:55:03 PM
I don't believe anymore that quantum computing exists. It looks more like a fancy showdown to scare people.


there already exist several working ones (Google Sycamore, D-Wave, IBM Q...) and they are continuously being improved. Companies like D-Wave succeeded in using quantum computing to solve real-world problems such as minimizing error in a voice recognition system, controlling risk in a financial portfolio, or reducing energy loss in an electrical grid.

You are absolutely correct that QCs exist and that they are being improved all the time.

However, you mentioned D-Wave, so we do need to be mindful of the distinction between quantum annealers (such as D-Wave) and universal gate quantum computers (true quantum computers). Annealers are more like quantum simulators than actual quantum computers, and they will never be a threat to bitcoin because they can't run Shor's algorithm, which is what a QC would use to break elliptic curve cryptography.

The annealing approach exploits the phenomenon of quantum tunnelling (https://en.wikipedia.org/wiki/Quantum_tunnelling) - this is a low-energy shortcut, analogous to moving between adjacent valleys by cutting straight through the hill rather than going up one side and down the other. Annealing is more for problems where there are a huge number of possible solutions, and we're just looking for one that is sufficient out of that multitude of possibilities, a 'local minimum'. So annealers are good for problems that fit into the 'travelling salesman' category, or materials science where we just want to develop a material that has sufficient strength or malleability or heat-resistance.

Universal gate quantum computers on the other hand are the ones that can threaten bitcoin. News reports often focus on the number of qubits these machines have, as if this is the only important criterion. It's not. As (universal gate) QCs scale up, the main problem is decoherence - the difficulty of maintaining that entangled quantum state (and its information) by preventing variables from the outside environment leaking in (e.g., physical vibrations, EM radiation, temperature changes).

There is work underway on a variety of solutions to the decoherence problem, but it remains very much the primary obstacle - you can have a QC with a million qubits, but it would be useless without sufficient coherence.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on March 15, 2020, 09:35:12 AM
I don't believe anymore that quantum computing exists. It looks more like a fancy showdown to scare people.

------------------
It is possible not to believe, it is possible to close eyes and to bury all head deep in sand - it is a way of an ostrich.
On the contrary, you can open your eyes and explore the world around you. Then there is a chance, if you have enough intelligence, to come to the conclusion that quantum computing is a reality to accept.
That's why post quantum encryption methods and new Blockchain technology have already been developed.   


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on March 25, 2020, 08:52:27 AM
I don't believe anymore that quantum computing exists. It looks more like a fancy showdown to scare people.

It certainly exists, and work is progressing rapidly on a number of fronts. There has been a recent discovery (https://www.nature.com/articles/s41586-020-2057-7) that may pave the way for standard computer chips to perform quantum operations...

We have talked at length about what a qubit 'is' in an informational sense, but comparatively little about what it is in a physical sense. There are a huge variety of approaches (https://en.wikipedia.org/wiki/Quantum_computing#Developments), from miniature superconducting circuits (as in Google's 53-qubit machine last year) to optical lattices and Bose-Einstein condensates. But the holy grail is to be able to use magnetically-controllable nuclei embedded in silicon, a combination of magnetic resonance and quantum dot... a Kane quantum computer (https://en.wikipedia.org/wiki/Kane_quantum_computer).

A Kane QC as theorised uses precisely-spaced phosphorus atoms beneath the surface. As well as being manipulable through magnetic control, there is a benefit of a huge decoherence time (at low temperatures), estimated at 10^18 seconds - decoherence is one of the biggest problems in QC.

https://www.researchgate.net/profile/Michelle_Simmons/publication/265247873/figure/fig1/AS:669407038681091@1536610483373/Kanes-Architecture-for-a-Quantum-Computer-In-Kanes-concept-of-a-silicon-based-quantum.png

The theory is over 20 years old (https://www.nature.com/articles/30156), and has not so far been properly implemented in practice because it is hugely difficult to control a single nucleus magnetically without the field affecting neighbouring nuclei too.

... which brings me to the new paper. They have used antimony rather than phosphorus - antimony crucially has a non-uniform charge distribution, and they have demonstrated that because of this it can be moved comparatively easily between spin states through the application of an oscillating electric field. This is kind of a big deal, as this possibility was first predicted more than 60 years ago, but has not been observed until now. Antimony is bigger than phosphorus, and has 8 spin states rather than the 2 of phosphorus, but this isn't a problem as it just means that each antimony nucleus is analogous to a 3-qubit system.

There is still a lot of work to be done, it's very early on, but if in the end a QC can be built in silicon, then this really is a huge advancement.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on March 25, 2020, 09:03:46 AM
Who can explain how spin bound photons are controlled in quantum cryptography?
2 bonded photons.
One photon is transmitted through an optical communication channel and received at the second end of the communication channel.
That's understandable.
And how is the associated photon controlled and held?
Or is it not needed?
How can this moment of technology be explained in a simple and clear way?   


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on March 25, 2020, 04:11:10 PM
Who can explain how spin bound photons are controlled in quantum cryptography?
2 bonded photons.
One photon is transmitted through an optical communication channel and received at the second end of the communication channel.
That's understandable.
And how is the associated photon controlled and held?
Or is it not needed?
How can this moment of technology be explained in a simple and clear way?   

I'll have a go. I assume you're talking about Quantum Key Distribution - please correct me if not!

The process is that an interferometer generates the entangled photon pair, then the photons are sent one to each party. So 'Alice' receives one photon and 'Bob' receives the other. As for the mechanism of transfer, it can be optical cable or (as in China's QUESS) a satellite signal (as attenuation through vacuum and thin atmosphere is negligible) - anything really so long as the mechanism can keep signal loss to a minimum - or quantum repeaters can be used to maintain the signal.

The result then is that Alice and Bob each have the secure information received from the photon. Once the photon has been received, its data has been received too, and there is then no need to actually hold the photon itself. The point is that due to the fact that each photon is part of an entangled pair, they each contain the same information, which can then be used as a shared key.

That's the process, anyway. For information about security, probably first have a look at the BB84 protocol (https://en.wikipedia.org/wiki/BB84), and then go on from there to later developments such as Kak's 3 Stage Protocol (quantum double-lock)... but I think we covered security a few months ago in this thread.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on March 26, 2020, 10:31:25 AM
Who can explain how spin bound photons are controlled in quantum cryptography?
2 bonded photons.
One photon is transmitted through an optical communication channel and received at the second end of the communication channel.
That's understandable.
And how is the associated photon controlled and held?
Or is it not needed?
How can this moment of technology be explained in a simple and clear way?   

I'll have a go. I assume you're talking about Quantum Key Distribution - please correct me if not!

The process is that an interferometer generates the entangled photon pair, then the photons are sent one to each party. So 'Alice' receives one photon and 'Bob' receives the other. As for the mechanism of transfer, it can be optical cable or (as in China's QUESS) a satellite signal (as attenuation through vacuum and thin atmosphere is negligible) - anything really so long as the mechanism can keep signal loss to a minimum - or quantum repeaters can be used to maintain the signal.

The result then is that Alice and Bob each have the secure information received from the photon. Once the photon has been received, its data has been received too, and there is then no need to actually hold the photon itself. The point is that due to the fact that each photon is part of an entangled pair, they each contain the same information, which can then be used as a shared key.

That's the process, anyway. For information about security, probably first have a look at the BB84 protocol (https://en.wikipedia.org/wiki/BB84), and then go on from there to later developments such as Kak's 3 Stage Protocol (quantum double-lock)... but I think we covered security a few months ago in this thread.
---------------------------
Thank you very much.
You answered exactly the question that I asked. You explained the principle clearly, that's the main thing. Protocol is secondary, there can be a lot of them, and the principle of linked photons is always the basis of quantum key distribution.
I must have been inattentive earlier.
I have one more question.
You write:
"The process is that an interferometer generates the entangled photon pair, then the photons are sent one to each party."
This interferometer, the place from which the entangled photons are sent to Alice and Bob, has no information about these photons?
Is it impossible to leak information about the backs of the photons, and therefore the keys, in this place?


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on March 26, 2020, 04:18:05 PM
Thank you very much.
You answered exactly the question that I asked. You explained the principle clearly, that's the main thing.
Thanks, glad I was of some help :) Please bear in mind I'm not an expert, though - it's just my understanding here.


I have one more question.
You write:
"The process is that an interferometer generates the entangled photon pair, then the photons are sent one to each party."
This interferometer, the place from which the entangled photons are sent to Alice and Bob, has no information about these photons?
Is it impossible to leak information about the backs of the photons, and therefore the keys, in this place?
No, it's not impossible to break the security at source. QKD as with many things has vulnerabilities where the theory meets actual real-world implementation. This article (https://www.nature.com/articles/s41534-019-0180-9) goes into some depth on the subject, and may be of interest.

So how is QKD any use at all? Well, the strength is not that the key can't be intercepted during the transmission process, it's that the entangled nature of the photons means that the recipients are able to determine whether or not the key has been intercepted. QKD isn't a perfect solution, it's just a mechanism that employs properties of quantum mechanical systems to improve upon existing classical processes.

Quantum cryptography does continue to advance, and it may one day provide ultimate 100% guaranteed security, due to its basis on and exploitation of immutable physical laws. But for the immediate future, we also need post-quantum cryptographic algorithms to, for example, protect bitcoin.
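
The "recipients can tell whether the key was intercepted" point above, as an added classical simulation (not code from the thread or from any QKD product). It models BB84, the prepare-and-measure protocol the earlier reply points to; the entangled-pair variant discussed in this exchange produces the photons differently, but the basis sifting and the error-rate check work the same way. Assumptions: ideal lossless channels, a naive intercept-and-resend eavesdropper, and an abort threshold of 11% picked for the example (a real system sets it from its security proof and its measured channel noise).

```python
"""BB84 sifting and eavesdropper detection, simulated classically (constructed example)."""
import random

RECT, DIAG = 0, 1   # the two measurement bases (+ and x)


def measure(bit: int, prep_basis: int, meas_basis: int, rng: random.Random) -> int:
    """Measure a qubit prepared as `bit` in `prep_basis` using `meas_basis`.
    Same basis: the result is the prepared bit. Wrong basis: a uniformly random bit."""
    if prep_basis == meas_basis:
        return bit
    return rng.randint(0, 1)


def run_bb84(n_qubits: int, eve_present: bool, seed: int, sample_fraction: float = 0.25) -> dict:
    rng = random.Random(seed)

    # Alice prepares random bits in random bases and sends them.
    a_bits = [rng.randint(0, 1) for _ in range(n_qubits)]
    a_bases = [rng.randint(0, 1) for _ in range(n_qubits)]

    # Channel: optionally Eve measures each qubit in a guessed basis and resends her result.
    channel_bits, channel_bases = a_bits, a_bases
    if eve_present:
        e_bases = [rng.randint(0, 1) for _ in range(n_qubits)]
        e_bits = [measure(b, pb, eb, rng) for b, pb, eb in zip(a_bits, a_bases, e_bases)]
        channel_bits, channel_bases = e_bits, e_bases

    # Bob measures in his own random bases.
    b_bases = [rng.randint(0, 1) for _ in range(n_qubits)]
    b_bits = [measure(b, pb, bb, rng) for b, pb, bb in zip(channel_bits, channel_bases, b_bases)]

    # Sifting: bases are announced publicly; only positions where Alice and Bob agree are kept.
    sifted = [i for i in range(n_qubits) if a_bases[i] == b_bases[i]]

    # Error estimation: a random sample of sifted bits is compared in public and discarded.
    # Eve guessed wrong in half the cases and each wrong guess flips Bob's bit half the time,
    # so intercept-and-resend shows up as roughly 25% disagreement.
    sample = set(rng.sample(sifted, int(len(sifted) * sample_fraction)))
    errors = sum(1 for i in sample if a_bits[i] != b_bits[i])
    qber = errors / len(sample) if sample else 0.0

    key_positions = [i for i in sifted if i not in sample]
    return {
        "qber": qber,
        "sifted": len(sifted),
        "alice_key": [a_bits[i] for i in key_positions],
        "bob_key": [b_bits[i] for i in key_positions],
    }


def accept_key(result: dict, threshold: float = 0.11) -> bool:
    """Abort the session when the sampled error rate exceeds the threshold."""
    return result["qber"] <= threshold


if __name__ == "__main__":
    clean = run_bb84(4000, eve_present=False, seed=2020)
    tapped = run_bb84(4000, eve_present=True, seed=7)
    print(f"no Eve : QBER={clean['qber']:.3f} accept={accept_key(clean)}")
    print(f"Eve    : QBER={tapped['qber']:.3f} accept={accept_key(tapped)}")
```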


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on April 13, 2020, 09:45:09 AM
Thank you very much.
You answered exactly the question that I asked. You explained the principle clearly, that's the main thing.
Thanks, glad I was of some help :) Please bear in mind I'm not an expert, though - it's just my understanding here.


I have one more question.
You write:
"The process is that an interferometer generates the entangled photon pair, then the photons are sent one to each party."
This interferometer, the place from which the entangled photons are sent to Alice and Bob, has no information about these photons?
Is it impossible to leak information about the backs of the photons, and therefore the keys, in this place?


Quantum cryptography does continue to advance, and it may one day provide ultimate 100% guaranteed security, due to its basis on and exploitation of immutable physical laws. But for the immediate future, we also need post-quantum cryptographic algorithms to, for example, protect bitcoin.
--------------------------------
Besides the above mentioned about post quantum cryptography, I would like to say that quantum cryptography does not solve 2 problems in any way:
- it doesn't protect mobile Internet users and wireless Internet access points;
- it doesn't solve the problem of key theft, that's the way crooks go, nobody breaks cryptography, everybody steals.
- does not solve the problem of password and biometric authentication methods, because stealing any digital identifier - breaks the security, so do fraudsters;
- it doesn't solve the most important issue, the phishing issue. This solution is more important to society than all the others put together.

Quantum key distribution solves only one unimportant issue: key negotiation. It solves the problem of personal meeting. Although there are so many open channels today that if I need to agree on a shared encryption key, it is safer (because it is invisible) to agree on a "grandmother's mail" in a paper envelope than looking for fiber optic lines and quantum key negotiation technologies.
 
And in general, the world forgets about good old wit, because of the fact that a man was stuffed with technology.

And what's the result?
12 billion accounts on one domain alone in the darknet - free access and for a little money.

So what's the point of quantum cryptography - technology from the distant past, from 1980, I don't understand.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on April 13, 2020, 06:04:58 PM
what's the point of quantum cryptography - technology from the distant past, from 1980, I don't understand.

Hi again :)

I suppose I'm saying that quantum cryptography is not limited to QKD, it's much bigger and more fundamental than that.

QKD is an approach to key distribution that uses quantum properties, and so is a part of quantum cryptography. It was certainly an early part, yes 1980s with the BB84 protocol. QKD has been the main implementation of quantum cryptography for a long time. And QKD does indeed have limitations, as discussed above. It's an improvement on the equivalent classical process, that's all.

But my point really is that the laws of quantum mechanics provide us with a theoretical framework through which, by exploiting properties such as entanglement, quantum teleportation and the no-cloning theorem (https://en.wikipedia.org/wiki/No-cloning_theorem), some sort of unhackable communication process may be possible.

QKD is an early implementation. I'm not saying it's the perfect end-state, it's not. I'm saying that quantum mechanics gives us a valuable toolset, and we would be remiss to focus entirely on post-quantum cryptography - which is, fundamentally, classical. PQC is no doubt hugely important and will certainly provide the initial defences against a future quantum attack. But the best long-term defence against quantum attack is not necessarily classical. There can be quantum defences, too. If we dismiss any possible quantum defence and limit ourselves purely to the classical, then we are missing something important.

QKD is a first implementation of quantum cryptography. There have been developments since then. I've mentioned Kak's 3-stage protocol before, a sort of quantum double-lock. This is quantum cryptography, and is a big improvement on QKD. There will be further developments and further improvements. Quantum mechanics offers us a world of possibilities. I'm just saying we need to follow this path in addition to the path of PQC.



Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Adriane14 on April 14, 2020, 03:54:46 AM
The Q technology is still in the infant stage just as the blockchain but if we mesh breed them together maybe we can find the answer to this question. I will call this the Quantum egg cracker for now. The chance to crack bitcoin's hash algorithm is high, the probability of Quantum technology is lurking around the corner of its Q dimensional properties.
Let's say 5 years from now.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on April 14, 2020, 09:29:43 AM
What's the point of quantum cryptography - technology from the distant past, from 1980, I don't understand.

Hi again :)

I suppose I'm saying that quantum cryptography is not limited to QKD, it's much bigger and more fundamental than that.

QKD is an approach to key distribution that uses quantum properties, and so is a part of quantum cryptography. It was certainly an early part, yes 1980s with the BB84 protocol. QKD has been the main implementation of quantum cryptography for a long time. And QKD does indeed have limitations, as discussed above. It's an improvement on the equivalent classical process, that's all.

But my point really is that the laws of quantum mechanics provide us with a theoretical framework through which, by exploiting properties such as entanglement, quantum teleportation and the no-cloning theorem (https://en.wikipedia.org/wiki/No-cloning_theorem), some sort of unhackable communication process may be possible.

QKD is an early implementation. I'm not saying it's the perfect end-state, it's not. I'm saying that quantum mechanics gives us a valuable toolset, and we would be remiss to focus entirely on post-quantum cryptography - which is, fundamentally, classical. PQC is no doubt hugely important and will certainly provide the initial defences against a future quantum attack. But the best long-term defence against quantum attack is not necessarily classical. There can be quantum defences, too. If we dismiss any possible quantum defence and limit ourselves purely to the classical, then we are missing something important.

QKD is a first implementation of quantum cryptography. There have been developments since then. I've mentioned Kak's 3-stage protocol before, a sort of quantum double-lock. This is quantum cryptography, and is a big improvement on QKD. There will be further developments and further improvements. Quantum mechanics offers us a world of possibilities. I'm just saying we need to follow this path in addition to the path of PQC.


----------------------------
Yes, dear interlocutor, there are no objections, I am ready to defend every word you have written.

Post quantum cryptography is really classical, because it is built on complex mathematics and large numbers. But that's not all - it has a key.

Modern crooks don't even break pre-quantum cryptography, and they never will, they're not smart enough.
They do it in a simple and elegant way - steal keys. And successfully, too.
Real cryptography isn't classic cryptography - it's keyless cryptography. There's a theory about this model of encryption that I can send out.

And that's why it is needed, that's briefly, what happens with key (and passwords, it's the same) methods:

- Recently, unknown persons attacked UN units, "as a result, components of key infrastructure in Geneva and Vienna were compromised ..." - quotes Dujaric Reuters (stealing keys);

- The CIA, together with the German Federal Intelligence Service (Bundesnachrichtendienst, BND), has been reading secret messages from officials in more than 120 countries for the past fifty years (!) through Crypto AG, a company that produces special encryption equipment (via encryption keys);

- security researchers from ESET discovered the dangerous vulnerability Kr00k (CVE-2019-15126) in widely used Wi-Fi chips from Broadcom and Cypress, which affects more than a billion devices worldwide (smartphones, tablets, laptops, routers and IoT devices) that use the WPA2-Personal or WPA2-Enterprise protocol with the AES-CCMP encryption algorithm. Now Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3), Xiaomi (RedMi) and access points from Asus and Huawei are under attack. The Kr00k vulnerability is related to the Key Reinstallation Attack (KRACK), which allows attackers to crack Wi-Fi passwords protected by the WPA2 protocol (keys again);

- huge problems with device shells that contain embedded vulnerabilities such as embedded passwords and embedded SSH/SSL keys. The appearance of one such device in your home, including an IoT device, and connecting it to your home Wi-Fi, allows an attack on all your other devices connected to the same access point (keys, passwords);

- experts found a database with unencrypted e-mail addresses and passwords of more than 1 billion users on the Web, put up for sale by a cybercriminal under the pseudonym DoubleFlag (passwords);

- of the 175 million RSA certificates analyzed, over 435,000 are vulnerable to attack. At the international conference IEEE TPS (Trust, Privacy and Security) in Los Angeles, California, a group of researchers from Keyfactor presented these results (vulnerability of key infrastructures in general).

So what will quantum cryptography solve if it is key?
It's nothing.
It's also expensive.
And not for everyone, only those who sit on fiber optic cable.
And also for those who can't visit any website on this device, otherwise they'll get a spy program and steal the keys.

This method gives nothing but a commercial result to its creators. These keys will be stolen the moment they are used for encryption.
And then you will be listened to and read everything that you encrypt, and you will know nothing. End of game.

And in keyless technology, there's nothing to steal, no keys.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on April 14, 2020, 09:32:38 AM
The Q technology is still in the infant stage just as the blockchain but if we mesh breed them together maybe we can find the answer to this question. I will call this the Quantum egg cracker for now. The chance to crack bitcoin's hash algorithm is high, the probability of Quantum technology is lurking around the corner of its Q dimensional properties.
Let's say 5 years from now.
--------------------------------------
Hacking technology using quantum computers and transmission technology using linked photons are different things.
The name is one thing, and everything is different.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on April 14, 2020, 08:17:45 PM
Modern crooks don't even break pre-quantum cryptography, and they never will, they're not smart enough.
They do it in a simple and elegant way - steal keys. And successfully, too.
Real cryptography isn't classic cryptography - it's keyless cryptography. There's a theory about this model of encryption that I can send out.

So what will quantum cryptography solve if it is key?

Are we just talking about the distinction between symmetric and asymmetric cryptography?

I don't know about the 'keyless cryptography' you mention, but I suspect it needs a shared something, a key by another name? I think we have mentioned OTPs before. The weakness with OTPs is that initial sharing of the key. QKD used in conjunction with OTP gives a strong solution to that problem. With QKD you can tell when there has been an interception/hacking attempt; it's a great way to share a key. Yes there remain certain vulnerabilities in implementation, it's not perfect, just an improvement on the analogous classical method.

Asymmetric cryptography by contrast is great for things like bitcoin and cryptocurrencies. The problem comes with quantum computers running the Shor algorithm, which obliterates public key cryptography. Where a classical computer takes an unimaginably huge 2^128 operations to derive the bitcoin private key, a QC running Shor takes a mere 128^3.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on April 15, 2020, 09:52:45 AM
Modern crooks don't even break pre-quantum cryptography, and they never will, they're not smart enough.
They do it in a simple and elegant way - steal keys. And successfully, too.
Real cryptography isn't classic cryptography - it's keyless cryptography. There's a theory about this model of encryption that I can send out.

So what will quantum cryptography solve if it is key?

Are we just talking about the distinction between symmetric and asymmetric cryptography?

I don't know about the 'keyless cryptography' you mention, but I suspect it needs a shared something, a key by another name? I think we have mentioned OTPs before. The weakness with OTPs is that initial sharing of the key. QKD used in conjunction with OTP gives a strong solution to that problem. With QKD you can tell when there has been an interception/hacking attempt; it's a great way to share a key. Yes there remain certain vulnerabilities in implementation, it's not perfect, just an improvement on the analogous classical method.

Asymmetric cryptography by contrast is great for things like bitcoin and cryptocurrencies. The problem comes with quantum computers running the Shor algorithm, which obliterates public key cryptography. Where a classical computer takes an unimaginably huge 2^128 operations to derive the bitcoin private key, a QC running Shor takes a mere 128^3.
----------------------------------
Keyless cryptography doesn't exist anywhere but
1) on this blog:
https://bitcointalk.org/index.php?topic=5204368.40 (from which the administrator deleted about 100 posts of the author);
2) in the theory that is written, can be sent on demand, which justifies the fundamental possibility of such a model;
3) and in one project, which most likely will not be filled with money, because investors do not want to understand the subject at the level that is necessary: https://toxic.chat/.

Each packet of data is encrypted with only its own, brand new encryption scheme, which looks similar to its own key, which has never been negotiated between the parties, never transmitted, stored or generated. So is it a key?
This technology creates its own cryptographically closed communication channel, which is created using ANY INFORMATION, which is sort of a "key" only for the first and second packets of the response data packet, and which is better called a channel identifier than a key. It creates a channel, and is never used again. Moreover, the first data packet sent by this kind of "key" and the second data packet received in response, created with this "key" - have completely different encryption schemes.

Moreover, the presence of this "key" in Eva's hands does not allow her to open the communication channel. To do this, she needs many other things that can be read in the theory of this technology.

But as I see it, the biggest bonus to this technology is not that you can't even find and steal your encryption key, but that it provides two-way continuous password-free authentication.
An example of how this works is described in the blog above from today.

Yes, and now phishing, in any form, is just a scary story from the past...


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on April 15, 2020, 02:46:29 PM
This technology creates its own cryptographically closed communication channel, which is created using ANY INFORMATION, which is sort of a "key" only for the first and second packets
It's still a shared secret though, right? It's still a key?

Keyless cryptography
Maybe I'm being stupid, but I don't see how this can exist.
Surely there are two ways that the data can be decrypted: either you need a shared secret, or else the communication itself contains the means of deciphering it.
So in the first instance, the secret is the key - whether we call it a key or not, that's what it is.
And in the second instance, there is zero security because anyone can derive the data from a thing that is entirely self-contained.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on April 15, 2020, 06:33:30 PM
This technology creates its own cryptographically closed communication channel, which is created using ANY INFORMATION, which is sort of a "key" only for the first and second packets
It's still a shared secret though, right? It's still a key?

Keyless cryptography
Maybe I'm being stupid, but I don't see how this can exist.
Surely there are two ways that the data can be decrypted: either you need a shared secret, or else the communication itself contains the means of deciphering it.
So in the first instance, the secret is the key - whether we call it a key or not, that's what it is.
And in the second instance, there is zero security because anyone can derive the data from a thing that is entirely self-contained.

-------------------------------------
It's the exact opposite.
If you have a key, you decrypt any information.

If your key is stolen - having a previously written cipher - they will decrypt the information again.

This function is the key.
What does a key do?
It changes the general encryption scheme to an individual one. That's it. That's it.

If you encrypt the word "hello" today and tomorrow with the same key, you always get an Absolutely SINGLE SHIFT.

It's the other way around. Even the first data pack will be different from the second data pack with the same information and the same "key" - like day and night.

So how can this common secret be called a key?

Think about it.

And as for all other packages, after the second one, for example, if the package has 256 bits, then how do you guess the rule code, it means no key? Even a quantum computer in 100 years can't guess. And if it can guess, then how without a key, without knowledge of the rule, will it understand what it has guessed? Because it's a rule on no other data packet - it won't check.
So where's the public access here? It's top secret.

And the most unusual question is how do you know that this data packet contains information at all?
And if there is, how many bits of 256 contain it?
Do you feel the failure of such hacking attempts?


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on April 20, 2020, 10:43:05 AM
There has been another recent advance in quantum computing, which may be an important step towards the development of large scale QCs.

The QCs developed thus far have to work at very low temperatures in order to keep the energy of the system low enough that the qubits remain stable. Very low temperatures, which means close to absolute zero. In practice this means below about 0.1K, or within a tenth of a degree of absolute zero.

A paper last year (https://arxiv.org/abs/1902.09126) outlined how in theory this minimum working temperature could be raised to around 1.5 Kelvin. Still absurdly cold, but in relative terms this is a huge jump up from 0.1K. This is a quantum-dot-based system, and the mechanism by which they can work with the higher temperature is by isolating the quantum dots and then using magnetically-controlled electron quantum tunnelling (https://en.wikipedia.org/wiki/Quantum_tunnelling) to read the qubit state. (As an interesting aside, it is the phenomenon of quantum tunnelling that sets a barrier to the size reduction of traditional processors, which could end Moore's Law.)

Why does a change from 0.1K to 1.5K mean a big reduction in the difficulty of producing large scale QCs? Well, each time you make the machine bigger, and more powerful, each time you add more qubits, you are introducing extra energy, higher temperatures, which means even more cooling is required. There is a several orders-of-magnitude difference in the dollar cost between cooling to 1.5K and cooling to 0.1K. As one of the paper's authors stated: "This [1.5K] is still very cold, but is a temperature that can be achieved using just a few thousand dollars' worth of refrigeration, rather than the millions of dollars needed to cool chips to 0.1 Kelvin."

So this was the theory, an increase in workable temperature for QCs from 0.1K, up x15 to 1.5K. The big advancement is that this theory has now been experimentally verified (https://www.nature.com/articles/s41586-020-2170-7), by the team at Delft that I've mentioned in previous posts.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on June 07, 2020, 09:25:14 AM
There has been another recent advance in quantum computing, which may be an important step towards the development of large scale QCs.

The QCs developed thus far have to work at very low temperatures in order to keep the energy of the system low enough that the qubits remain stable. Very low temperatures, which means close to absolute zero. In practice this means below about 0.1K, or within a tenth of a degree of absolute zero.

A paper last year (https://arxiv.org/abs/1902.09126) outlined how in theory this minimum working temperature could be raised to around 1.5 Kelvin. Still absurdly cold, but in relative terms this is a huge jump up from 0.1K. This is a quantum-dot-based system, and the mechanism by which they can work with the higher temperature is by isolating the quantum dots and then using magnetically-controlled electron quantum tunnelling (https://en.wikipedia.org/wiki/Quantum_tunnelling) to read the qubit state. (As an interesting aside, it is the phenomenon of quantum tunnelling that sets a barrier to the size reduction of traditional processors, which could end Moore's Law.)

Why does a change from 0.1K to 1.5K mean a big reduction in the difficulty of producing large scale QCs? Well, each time you make the machine bigger, and more powerful, each time you add more qubits, you are introducing extra energy, higher temperatures, which means even more cooling is required. There is a several orders-of-magnitude difference in the dollar cost between cooling to 1.5K and cooling to 0.1K. As one of the paper's authors stated: "This [1.5K] is still very cold, but is a temperature that can be achieved using just a few thousand dollars' worth of refrigeration, rather than the millions of dollars needed to cool chips to 0.1 Kelvin."

So this was the theory, an increase in workable temperature for QCs from 0.1K, up x15 to 1.5K. The big advancement is that this theory has now been experimentally verified (https://www.nature.com/articles/s41586-020-2170-7), by the team at Delft that I've mentioned in previous posts.
---------------------------------------------------
In early March 2020, Honeywell International joined the race to create a quantum computer. The company is preparing to release the most powerful system in the world.

The manufacturer of industrial equipment for the aerospace sector says its quantum computer will double the performance of the most powerful quantum machine available today. Their new system will have 64 cubic meters, while the fastest quantum computer built by IBM will have 32 cubic meters.

It would seem a bit of progress, which is interesting.

But further interesting, Honeywell claims that they have created a new system with trapped ions that is easily scalable!!! According to engineers, the volume of production of machines will grow by 10 times annually, which by 2025 will provide an increase in productivity of 100,000 times.

And this is already very serious, skeptics of technical progress should reconsider their positions. Development in the field of computing, as history shows, always goes faster than the most daring forecasts. And this news is proof of that.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on June 10, 2020, 07:59:36 AM
In early March 2020, Honeywell International joined the race to create a quantum computer. The company is preparing to release the most powerful system in the world.

The manufacturer of industrial equipment for the aerospace sector says its quantum computer will double the performance of the most powerful quantum machine available today. Their new system will have 64 cubic meters, while the fastest quantum computer built by IBM will have 32 cubic meters.

Whilst it's good that more companies are getting involved, I'm extremely skeptical of Honeywell's claim. Their assessment is based on the assumption that Quantum Volume is the defining metric for QC power, and that's very much open to question. Quantum Volume is the metric that IBM uses:

Quantum Volume (QV) is a hardware-agnostic metric that we defined to measure the performance of a real quantum computer. Each system we develop brings us along a path where complex problems will be more efficiently addressed by quantum computing; therefore, the need for system benchmarks is crucial, and simply counting qubits is not enough. As we have discussed in the past, Quantum Volume takes into account the number of qubits, connectivity, and gate and measurement errors. Material improvements to underlying physical hardware, such as increases in coherence times, reduction of device crosstalk, and software circuit compiler efficiency, can point to measurable progress in Quantum Volume, as long as all improvements happen at a similar pace.

The thing is... absolutely no-one else uses that metric. IBM's QC is currently the most powerful in the world, based on Quantum Volume, because it is the only one that uses Quantum Volume as a metric.
It looks like Honeywell are trying to put out a QC that is more powerful than IBM's, using Quantum Volume to determine that power... thereby becoming the "most powerful" QC in the world by improving on its only competitor on that metric.

It is great that another company is entering the space, and it will certainly be a big achievement if newcomers Honeywell can out-perform IBM... I just think that the "most powerful" claim is a little misleading.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on June 10, 2020, 06:37:01 PM
In early March 2020, Honeywell International joined the race to create a quantum computer. The company is preparing to release the most powerful system in the world.

The manufacturer of industrial equipment for the aerospace sector says its quantum computer will double the performance of the most powerful quantum machine available today. Their new system will have 64 cubic meters, while the fastest quantum computer built by IBM will have 32 cubic meters.

Whilst it's good that more companies are getting involved, I'm extremely skeptical of Honeywell's claim. Their assessment is based on the assumption that Quantum Volume is the defining metric for QC power, and that's very much open to question. Quantum Volume is the metric that IBM uses:

Quantum Volume (QV) is a hardware-agnostic metric that we defined to measure the performance of a real quantum computer. Each system we develop brings us along a path where complex problems will be more efficiently addressed by quantum computing; therefore, the need for system benchmarks is crucial, and simply counting qubits is not enough. As we have discussed in the past, Quantum Volume takes into account the number of qubits, connectivity, and gate and measurement errors. Material improvements to underlying physical hardware, such as increases in coherence times, reduction of device crosstalk, and software circuit compiler efficiency, can point to measurable progress in Quantum Volume, as long as all improvements happen at a similar pace.

The thing is... absolutely no-one else uses that metric. IBM's QC is currently the most powerful in the world, based on Quantum Volume, because it is the only one that uses Quantum Volume as a metric.
It looks like Honeywell are trying to put out a QC that is more powerful than IBM's, using Quantum Volume to determine that power... thereby becoming the "most powerful" QC in the world by improving on its only competitor on that metric.

It is great that another company is entering the space, and it will certainly be a big achievement if newcomers Honeywell can out-perform IBM... I just think that the "most powerful" claim is a little misleading.
---------------------
Yeah, what the Chinese company's really doing is probably not coming out. The fact that they have gathered a large number of specialists in this field from all over the world (practically) (I don't know what level) is a fact. It's a fact that China, in the last 10 years, has been particularly astounding with its technological achievements even for the biggest skeptics. Also, everyone who observes can see that China has very big and ambitious plans for the future, and our future is the digital world. Consequently, we can assume that they have taken the creation of their quantum technologies very seriously, especially since the quantum Internet has long been a practical thing, not a theory. Even earlier, in the open sources, a lot was said about how well developed the use of spy technologies - this very Chinese company.
All of this is more than convincing evidence that the Chinese will not lag behind the world and in the development of a quantum computer.
And what cities this same company is building for European specialists, who are invited to work, a dream...


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: amnakhan2020 on June 28, 2020, 09:37:16 AM
You can change the algorithms of all the active wallets, but some wallets have lost keys or the people who had those keys died and they can't change the signing algorithm which means those wallets will be captured by quantum computers. So we will know what quantum computers exist when satoshi's coins move... That's one of the reasons why they will move. Eventually they will move and they will move because eventually someone will be able to break the keys. But for the rest of the eco system we can migrate quite easily to another algorithm. It's not really as big of a threat that people think it is.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: AverageGlabella on July 08, 2020, 07:44:37 AM
You can change the algorithms of all the active wallets, but some wallets have lost keys or the people who had those keys died and they can't change the signing algorithm which means those wallets will be captured by quantum computers. So we will know what quantum computers exist when satoshi's coins move... That's one of the reasons why they will move. Eventually they will move and they will move because eventually someone will be able to break the keys. But for the rest of the eco system we can migrate quite easily to another algorithm. It's not really as big of a threat that people think it is.

That's assuming Satoshi is not actively keeping up to date with quantum computer development or assuming that he has lost his keys. Satoshi may still have access to his wallet and is keeping them there for a reason. There could be multiple reasons why Satoshi is doing it but that would go off topic from the discussion.

Your concern is legitimate for other people though. Quantum computers have the capability, once they have reached a certain qubit milestone, to be able to attack addresses that may have been lost by other people. This could be attacked on a very wide scale. Some people could see this as an ongoing problem and it could affect the longevity of Bitcoin as a currency. But as it has been discussed here, the affordability of a quantum computer capable of doing this will not be open to the public for a very long time. I know there have been advances in keeping quantum computers cool but this does come at a cost that I think a lot of people are ignoring. The cooling system is not the expensive part; it's the amount of space that you would require to make it effectively cool and run at the required qubits for an extended amount of time that would be the issue.

Quantum computers are a long way off but the technology behind them is improving at an exponential rate. At the moment I have not seen any system which would protect against stealing of coins that have been lost. There are multiple technologies in the theory process right now that could be implemented into Bitcoin and reduce the effects of quantum computing on the industry but I think old addresses that have not been converted will always be vulnerable to quantum attacks unless someone comes up with a sleek new concept within the next couple of years.
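The distinction this post is drawing, between coins whose public key is already on chain and coins protected only by a hash of the key, can be checked mechanically. The following is an added example, not code from the thread or from any Bitcoin project: it replays a constructed sequence of pay-to-pubkey-hash style transactions and flags every address that still holds coins although its public key was revealed by an earlier spend (the address-reuse case). It assumes a stand-in address hash (truncated SHA-256 instead of Bitcoin's HASH160) and plain-dict transactions with no script parsing or signature checks.

```python
"""Classify outputs by whether their public key is already exposed on chain.

Simplifications (assumptions of this example, not Bitcoin's real rules):
  * an address is a 20-byte truncation of SHA-256(pubkey); real Bitcoin uses
    RIPEMD160(SHA256(pubkey)), which not every Python build can compute;
  * transactions are inline dicts; scriptSig/witness is modelled as the bare
    pubkey that a spend must reveal.
A hash-only address exposes nothing Shor could work on. The key becomes public
the first time that address is spent from, so coins left at (or later sent to)
such an address are the ones a Shor-capable machine would reach first.
"""
import hashlib
from collections import defaultdict


def address_of(pubkey: bytes) -> bytes:
    """Stand-in for HASH160 (see module docstring)."""
    return hashlib.sha256(pubkey).digest()[:20]


def exposure_report(txs):
    """Replay `txs` in order; return {address_hex: {"balance", "pubkey_exposed"}}
    for every address that still holds coins at the end."""
    utxos = {}      # (txid, vout) -> (address, amount)
    exposed = set() # addresses whose pubkey has appeared in a spend
    for tx in txs:
        for inp in tx["inputs"]:
            addr, _ = utxos.pop((inp["txid"], inp["vout"]))
            # A spend carries the pubkey itself; it must hash to the address.
            if address_of(inp["pubkey"]) != addr:
                raise ValueError("pubkey does not match spent output")
            exposed.add(addr)
        for vout, out in enumerate(tx["outputs"]):
            utxos[(tx["txid"], vout)] = (out["address"], out["amount"])
    balances = defaultdict(int)
    for addr, amount in utxos.values():
        balances[addr] += amount
    return {addr.hex(): {"balance": bal, "pubkey_exposed": addr in exposed}
            for addr, bal in balances.items()}


def at_risk(report):
    """Addresses holding coins although their pubkey is already public."""
    return sorted(a for a, r in report.items()
                  if r["pubkey_exposed"] and r["balance"] > 0)


# --- constructed sample chain (not real keys or transactions) ------------
ALICE = b"\x02" + b"\x11" * 32   # stand-in for a compressed pubkey
BOB = b"\x03" + b"\x22" * 32
CAROL = b"\x02" + b"\x33" * 32

SAMPLE_TXS = [
    # funding: Alice 50, Bob 30
    {"txid": "t1", "inputs": [],
     "outputs": [{"address": address_of(ALICE), "amount": 50},
                 {"address": address_of(BOB), "amount": 30}]},
    # Alice pays Carol 20 and sends the change back to her own address (reuse)
    {"txid": "t2", "inputs": [{"txid": "t1", "vout": 0, "pubkey": ALICE}],
     "outputs": [{"address": address_of(CAROL), "amount": 20},
                 {"address": address_of(ALICE), "amount": 30}]},
    # Bob spends everything: key exposed, but nothing left behind to lose
    {"txid": "t3", "inputs": [{"txid": "t1", "vout": 1, "pubkey": BOB}],
     "outputs": [{"address": address_of(CAROL), "amount": 30}]},
]

if __name__ == "__main__":
    rep = exposure_report(SAMPLE_TXS)
    for a, r in sorted(rep.items()):
        print(a[:8], r)
    print("at risk:", [a[:8] for a in at_risk(rep)])
```

Only Alice's reused address is flagged; Carol's coins sit behind a hash alone, and Bob's exposed key guards nothing. A genuinely lost key is indistinguishable on chain, which is why the report speaks of exposure rather than ownership.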


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on July 14, 2020, 12:58:49 PM
I know there have been advances in keeping quantum computers cool but this does come at a cost that I think a lot of people are ignoring. The cooling system is not the expensive part; it's the amount of space that you would require to make it effectively cool and run at the required qubits for an extended amount of time that would be the issue.

This is very true. When advances in quantum computing are reported, the focus is often solely on the number of qubits involved. Whilst a degree of simplification is understandable when reporting what is certainly a complex and technical subject, this can mislead people into thinking it's the only important metric. Information loss through decoherence is a huge issue and the major barrier to production of large-scale QCs, and maintaining that near-absolute-zero temperature is a key requirement in minimising that decoherence.

However, whilst this is important and, as you say, expensive, the problem is perhaps not insurmountable. These are after all engineering challenges rather than absolute, universal constraints. My post above (https://bitcointalk.org/index.php?topic=5157696.msg54260891#msg54260891) links to recent experimental verification of a process whereby the minimal viable temperature is increased by a factor of 15, resulting in an orders-of-magnitude cost reduction for cooling. But it is not necessarily all about cooling or the space required. Development is continuing at pace across the field, with advances being made all the time. Techniques are being refined, and new approaches adopted. Noise is being reduced and coherence is improving. Indeed, just last week Trinity College Dublin released a paper (https://pubs.acs.org/doi/10.1021/acs.nanolett.0c01705) detailing a new technique in qubit-creation that may make the process both more powerful and much more controllable. Traditionally the quantum-dot-based approach to qubit emission involves affixing a metal point near to the dot... but the new approach involves controlled optical excitation of the point, which can then be scanned over the surface. Not only is this simpler than the current method, the new optical approach also generates greater quantities of single photon outputs and can force entanglement of dot pairs. The whole process is becoming more controllable all the time, and with increased control comes less noise, and so greater coherence.

---

Edited for clarity; seems my sentence construction also suffers from coherence issues.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on July 15, 2020, 08:32:50 PM
Quantum technology is a science. For now. Temporarily, but time is known to always go fast.
I think people can make quantum computing available to everyone, they can make a personal quantum computer. I suspect that inside this miracle of technology there will not be a system of cooling the substance to zero, but technologies to conquer magnetic fields for the same purposes, which, as the scientific press writes, are developing.
I do not see a solution to safety problems for the user, even if these technologies are available, even if they are absent.
I'll explain why.
What will break a quantum computer is cryptography.
What kind of cryptography would a quantum computer attack? Asymmetric, from the last century. All modern post-quantum asymmetric and even the old symmetric AES level, let alone Twofish, will never be attacked by it.
Why do I say that so boldly?
Because today's old AES-256 is perfectly capable of handling the quantum threat, the foreseeable future. To extend the key length to 512 bits is worth nothing. It's not gonna put much strain on the processor when it comes to encryption. But for quantum computers, increasing the key length from 256 bits to 512 bits is absolutely impossible to improve this technique in a reasonable period of time.
From the scientific point of view - the world of numbers is infinite and to use this resource, you can increase the field of numbers for encryption instantly. But to improve the technique that will catch up with the "infinity of number fields" is a difficult and time-consuming task.
In fact, even modern cryptography is never broken, keys, passwords and information are always stolen. The same will happen after a quantum computer is available to everyone. Nothing will change. We will also be attacked by ourselves only by compromising sensitive data.
Why do you need a quantum computer to attack a bitcoin - I don't understand at all. Even the old asymmetric cryptography on elliptic curves, with a 4-fold increase in the length of the key - will remain a dream to crack the known algorithms on quantum computers.
Everybody looks the wrong way when they think about security issues.
There are billions of accounts on the darknet that are sold for nothing. We are all hacked a long time ago, and so we will in the future if we keep the old key encryption technologies and password (and biometric) authentication methods.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on July 17, 2020, 01:01:12 PM
I suspect that inside this miracle of technology there will not be a system of cooling the substance to zero, but technologies to conquer magnetic fields for the same purposes, which, as the scientific press writes, are developing.
I sort of agree with this. The reason we need QCs to be cooled almost to absolute zero is to reduce decoherence. Cooling is a (partial) solution to a problem. There may be other solutions where cooling is not required (or where a smaller amount of cooling is sufficient).

Everybody looks the wrong way when they think about security issues.
There are billions of accounts on the darknet that are sold for nothing. We are all hacked a long time ago, and so we will in the future if we keep the old key encryption technologies and password (and biometric) authentication methods.
I sort of agree here, too. A system is only as strong as its weakest link. That weakest link often turns out to be human errors or laziness. However we can't really argue that a) people will make errors or be negligent, therefore b) there is no point to implementing secure cryptographic systems.

Why do you need a quantum computer to attack a bitcoin - I don't understand at all. Even the old asymmetric cryptography on elliptic curves, with a 4-fold increase in the length of the key - will remain a dream to crack the known algorithms on quantum computers.
Because the power of a QC scales exponentially due to superposition and entanglement. Superposition meaning that a qubit can be - to simplify somewhat - both 0 and 1 at the same time. Entanglement meaning that multiple qubits can be combined into a single state. So the number of classical outcomes that can be assessed scales 2^n. The nature of QCs means that they are strong on integer factorisation and the discrete logarithm problem (both normal and ECC). Shor's algorithm can dismantle current asymmetric cryptography.
There are as you know various quantum-resistant approaches to asymmetric cryptography that offer potential defences against a QC, however these do also bring new challenges such as increased key size.

Going beyond bitcoin and cryptocurrencies, one common assumption is that there is no danger until a sufficiently powerful QC appears. This is not the case. Quantum-safe security needs to be implemented as soon as reasonably possible. I am quite sure that people are storing today's encrypted traffic for the future, so that it can be decoded once a QC is available. Anything communicated by public-key today can be deciphered tomorrow.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: j2002ba2 on July 17, 2020, 03:08:23 PM
Why do you need a quantum computer to attack a bitcoin - I don't understand at all. Even the old asymmetric cryptography on elliptic curves, with a 4-fold increase in the length of the key - will remain a dream to crack the known algorithms on quantum computers.
Because the power of a QC scales exponentially due to superposition and entanglement. Superposition meaning that a qubit can be - to simplify somewhat - both 0 and 1 at the same time. Entanglement meaning that multiple qubits can be combined into a single state. So the number of classical outcomes that can be assessed scales 2^n. The nature of QCs means that they are strong on integer factorisation and the discrete logarithm problem (both normal and ECC). Shor's algorithm can dismantle current asymmetric cryptography.

QC scaling as 2^n is a common misconception. As n grows, the system scales worse and worse. At a certain point, for n<50, the noise dominates and no signal is left. For example, last year Google claimed "quantum supremacy". It was supremacy in generating noise.



Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on July 18, 2020, 07:32:48 PM
QC scaling as 2^n is a common misconception. As n grows, the system scales worse and worse. At a certain point, for n<50, the noise dominates

No, it's not a misconception, the number of potential classical outcomes that a QC can assess does scale 2^n, it's inherently true based on how QCs work.
A classical bit can be 0 or 1, either/or. A qubit, because of quantum superposition, is in a sense partially both values, a probability smear across the two, until it is measured, when it resolves to a definite classical 0 or 1 outcome. In a system with multiple entangled qubits, the number of values covered increases 2^n. Two entangled qubits cover 2^2=4 possibilities, 00, 01, 10, 11. Three entangled qubits cover 2^3=8, 000, 001, 010, 011, 100, 101, 110, 111. And so on.

Having said that, I absolutely understand and agree with your main point that number of qubits isn't everything, it's merely a headline figure, which can be misleading. 2^n means nothing if there is a high rate of error in the final result. Decoherence - the loss/corruption of information - is the fundamental obstacle to achieving large-scale functioning quantum computers. Adding and entangling additional qubits is not what is stopping QCs today, it is, as you say, the increased noise as number of qubits increases. But it doesn't change the 2^n scaling that makes QCs so efficient at for example integer factorisation and the discrete logarithm problem.

The scaling is an inherent truth due to immutable physical laws. The noise is an engineering problem.
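As an added illustration for readers following this exchange (it is not code from any post in the thread), here is a small state-vector simulation written for this page using only the Python standard library. It makes both sides of the argument concrete: an n-qubit register is described by 2^n amplitudes, so the vector really does double with every qubit, yet a measurement returns exactly one n-bit string, and in a plain uniform superposition every string is equally likely. That is why superposition alone is not a free brute-force search; an algorithm such as Shor's has to use interference to concentrate probability on useful outcomes before measuring. The gate, the register size and the shot count are chosen here for illustration only.

```python
import math
import random
from collections import Counter


def zero_state(n):
    """|00...0> for an n-qubit register: 2**n amplitudes, all zero except index 0."""
    state = [0.0] * (1 << n)
    state[0] = 1.0
    return state


def apply_hadamard(state, target, n):
    """Apply a Hadamard gate to qubit `target` (0 = least significant bit)
    of an n-qubit state vector and return the new vector.
    Each basis index idx with bit `target` clear is paired with idx|mask."""
    out = list(state)
    mask = 1 << target
    s = 1.0 / math.sqrt(2.0)
    for idx in range(1 << n):
        if idx & mask:
            continue  # the pair (idx, idx | mask) is handled from its lower member
        a, b = state[idx], state[idx | mask]
        out[idx] = s * (a + b)
        out[idx | mask] = s * (a - b)
    return out


def uniform_superposition(n):
    """Hadamard on every qubit: the register ends up with 2**n equal amplitudes."""
    state = zero_state(n)
    for q in range(n):
        state = apply_hadamard(state, q, n)
    return state


def probabilities(state):
    """Born rule: outcome probability is |amplitude|^2; the list sums to 1."""
    return [abs(a) ** 2 for a in state]


def measure(state, rng):
    """Collapse to one classical index, sampled with probability |amplitude|^2.
    Only this single outcome is observable; the other amplitudes are gone."""
    r = rng.random()
    acc = 0.0
    probs = probabilities(state)
    for idx, p in enumerate(probs):
        acc += p
        if r < acc:
            return idx
    return len(probs) - 1  # guard against floating-point rounding at the top end


def bitstring(idx, n):
    return format(idx, f"0{n}b")


def outcome_counts(n, shots, seed=1):
    """Repeat prepare-and-measure `shots` times (seeded so the run is reproducible)
    and count how often each n-bit string is observed."""
    rng = random.Random(seed)
    state = uniform_superposition(n)
    return Counter(bitstring(measure(state, rng), n) for _ in range(shots))


if __name__ == "__main__":
    n = 3
    state = uniform_superposition(n)
    print(f"{n} qubits -> {len(state)} amplitudes")
    for idx, p in enumerate(probabilities(state)):
        print(bitstring(idx, n), round(p, 4))
    print(outcome_counts(n, 1000))
```

Running it with n = 3 lists eight basis strings each at probability 0.125, and the 1000-shot histogram shows every string appearing roughly 125 times: the register spans all 2^n outcomes, but each readout hands back just one of them at random.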

 


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: j2002ba2 on July 19, 2020, 10:13:23 AM
QC scaling as 2^n is a common misconception. As n grows, the system scales worse and worse. At a certain point, for n<50, the noise dominates

No, it's not a misconception, the number of potential classical outcomes that a QC can assess does scale 2^n, it's inherently true based on how QCs work.
A classical bit can be 0 or 1, either/or. A qubit, because of quantum superposition, is in a sense partially both values, a probability smear across the two, until it is measured, when it resolves to a definite classical 0 or 1 outcome. In a system with multiple entangled qubits, the number of values covered increases 2^n. Two entangled qubits cover 2^2=4 possibilities, 00, 01, 10, 11. Three entangled qubits cover 2^3=8, 000, 001, 010, 011, 100, 101, 110, 111. And so on.

Having said that, I absolutely understand and agree with your main point that number of qubits isn't everything, it's merely a headline figure, which can be misleading. 2^n means nothing if there is a high rate of error in the final result. Decoherence - the loss/corruption of information - is the fundamental obstacle to achieving large-scale functioning quantum computers. Adding and entangling additional qubits is not what is stopping QCs today, it is, as you say, the increased noise as number of qubits increases. But it doesn't change the 2^n scaling that makes QCs so efficient at for example integer factorisation and the discrete logarithm problem.

The scaling is an inherent truth due to immutable physical laws. The noise is an engineering problem.

 

Let me doubt.

A qubit is not simultaneously 0 and 1, it is probably 0 or 1, and eventually - when measured - certainly 0 or 1. That's why 2^n is wrong. A system of n qubits is not simultaneously in 2^n states, it is probably in one of them. Altering it via any constraints reduces the probability that the system is in a certain state. But the system was already in a certain state, and could transition to the more favorable one forced by constraints. So it has to travel to the correct state. But if there's a reasonable algorithm for this, no quantum stuff is needed.

Or let's say, that somehow, a system of n qubits is in most of the 2^n states simultaneously. Then constraints are placed, and some of the states become "forbidden". The favorable states would have lower energy. Either there's a transition to lower energy, which has to be released, or influx of energy to make up for the unfavorable states. At the end finally we arrive at the correct single state. All this energy has to go somewhere. All 2^n bits of energy. Would the solar system survive such an energy blast? Would the Milky Way?

There's a lot of wishful thinking in quantum physics. It is belief-based, and attracts all kinds of believers. Something is fishy. It looks a lot like the geocentric solar system in the Middle Ages. Circles upon circles, very complex stuff, but never correct (except for a few isolated cases). So I would say, it is fundamentally wrong, and it is obvious. After all quantum physics is statistics, and statistics is never reality. Sometimes, many times, very useful, but still wrong.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on July 20, 2020, 11:32:10 AM
This is a deep look at the issue, and it is important to take it into account. On the other hand, whatever the modern problems of technology, the developed technologies that are based on science, sooner or later, will give humanity practical solutions. Just like you in your position, I look back and observe how humanity is overcoming any difficulties and always finds successful solutions to technical problems. It finds ways to move engineering solutions from science to commerce and consumer use. This general line of development, and this pattern is necessarily preserved for quantum technologies.
Thus, I come to an unambiguous conclusion that the problems of quantum computing, its scaling and the entry of quantum technologies into our life - will certainly be solved.
I absolutely disagree that the presence of such technologies in our everyday life will somehow change our security. These technologies will not reduce or increase the reliability of encryption. Cryptography itself is developing much faster, with much greater growth potential than quantum technology.
Take a close look at the principles of modern encryption systems. Look at the new systems - candidates for post-quantum. What elegant solutions are offered, what depth of thought. No matter how fast technology, thought, theoretical science, mathematics are developing, they go many steps forward. People have long been researching, creating models and working in mathematical n-dimensional spaces, in models with amazing properties that our rational mind is not able to understand. But mathematics can do it. For these reasons, encryption will never be in danger because it's math and combinatorial.
But again, I would like to draw your attention to the fact that all encryption systems have keys. Keys as a function of selecting an encryption scheme. One of the many possible encryption schemes. That's where the danger is for us. Much more than the quantum computing that will be needed to solve scientific and engineering problems, not to break the ciphers.
If in doubt, look at what they say at all the security conferences. In short, it is a thought - almost always, almost 100% of all attacks start with stealing keys (passwords, identifiers).
Explain to me why you need a quantum computer that you want to use for a brutal attack on the code if you can steal the basics of encryption - keys.
That is why I see the only vector of development of protection systems, including after the era of quantum computers, in the introduction of keyless encryption technologies.
Look, in key technologies, for example AES-256 (until it breaks down by a quantum miracle, even if it worked), the task is a complete search of two to the power of 256 options.
In keyless technologies, such as output cipher-code bit rate, the same is true: two to the power of 256 variants. But for the second cipher code it is already two to the power of 256x2 variants. For the third it is two to the power of 256x3 variants. Here is a real and beautiful departure from quantum superiority of any technology directed at a full search of all variants, i.e. at attack by brute force.
The only difference in the attack on asymmetric cryptography is that out of all variants of the final number field only integers work, not all in a row. Plus, Shor's algorithm makes this task a little easier. But in its essence it is the same brute force attack, only with a little bit of mind in this attack.
Another thing is finding mathematical solutions to problems of finding a discrete logarithm and factorization. Can a quantum computer help here?


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on July 22, 2020, 07:41:59 AM
A qubit is not simultaneously 0 and 1, it is probably 0 or 1, and eventually - when measured - certainly 0 or 1. That's why 2^n is wrong. A system of n qubits is not simultaneously in 2^n states, it is probably in one of them.
Certainly, when measured, the result is 0 or 1, either/or, with 100% probability. I agree that far. But when we say that a qubit is 'simultaneously 0 and 1', that is a simplification. What we mean is that, prior to measurement, the qubit is best defined as a wave rather than a particle. The Schrödinger wave equation is the best description of what the qubit 'is'; really it makes no sense at that point to say that it is both 0 and 1, because 0 and 1 are classical end states. But we can say that the qubit, because of its wave-like nature, can resolve to either possibility. It has the potential to be either a 0 or a 1. This phenomenon can be described as the qubit 'exploring all paths', but the fact remains that the power does scale 2^n, because all possible classical states are potential outcomes upon measurement.


There's a lot of wishful thinking in quantum physics. It is belief-based, and attracts all kinds of believers. Something is fishy. It looks a lot like the geocentric solar system in the Middle Ages. Circles upon circles, very complex stuff, but never correct (except for a few isolated cases). So I would say, it is fundamentally wrong, and it is obvious.
Quantum mechanics describes how the universe behaves at an extremely small scale. It does not make sense in terms of our everyday, macroscopic view of the world. We have evolved to hunt food, search for shelter, escape predators. This is how our brains are built. Our understanding of what constitutes reality is heavily influenced by our sensory apparatus. A rainbow, for example, only appears as it does because of the way our eyes work; other eyes would see it differently, and the mathematical description would see it perfectly.
Any attempt to explain QM in everyday human terms will fail; this is why no human really understands what the quantum world 'is'. But we have mathematics that describes it. And we have devices built on that underlying mathematics, and these devices function correctly according to the laws of QM. We cannot say this is wishful thinking, rather it is verifiable, reproducible experimental evidence. It is fact. Modern computers are built on quantum mechanics. It is impossible to describe semiconductor-based electronics without quantum mechanics.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on July 25, 2020, 02:02:26 PM
A quantum computer will work and will stand on our desk and even be in our smartphones (or whatever they are called), regardless of the correct explanation of the technology or the wrong one if a person needs it - he will do it. There are many examples in history where a person has misinterpreted and understood what they were doing, but they were doing it right. Specifically, even after something started to work in practice, new explanations, new insights, perhaps closer to the truth, may have emerged afterwards.
A man is the champion of the universe by explaining everything that would come to his mind. The most vivid example is a god, gods, faith in invented explanations. A human being (unfortunately, mine) has an alien mind that closes its own. A foreign mind, which possesses our consciousness, likes to talk especially to itself, likes to important, to protect its own ego (this is EGO), likes to explain everything, especially when it has little understanding of the question. And for this purpose he has a foreign language, exactly the one which we were taught from birth. 
It's the same with quantum phenomena. The quantum world itself - is not definitely defined, the elementary particles themselves have no, and cannot have, an unambiguous definition - so says quantum mechanics. As you know, quantum mechanics says that an elementary particle either has mass, charge, spin, etc. at this point in time - but then it does not have any exact coordinate in space (defending this point of view, science says that it knows only the area of space in which this particle can be at any point - ONE!!!). Or vice versa, if we know the coordinate of a particle - we have no idea about its physical parameters. So where is the unambiguousness here? Mystery and uncertainty - this is what quantum mechanics, the fundamental science of elementary particles, deals with. And relying on this liquefied foundation, not at all turning around, engineers bravely build working quantum models (the Big Collider among them).
That's how our quantum technology is built, almost blindfolded.
And no one is embarrassed by that.
In fact, if the current explanation is not relevant, there are new ones standing in line to replace it long ago. Has the lack of knowledge of the truth ever stopped the technology? Same as today.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on July 27, 2020, 09:15:46 AM
it does not have any exact coordinate in space (defending this point of view, science says that it knows only the area of space in which this particle can be at any point - ONE!!!). Or vice versa, if we know the coordinate of a particle - we have no idea about its physical parameters. So where is the unambiguousness here?
That's how our quantum technology is built, almost blindfolded. And no one is embarrassed by that.

I think there is some nuance here. Quantum properties are well understood from a mathematical perspective; the problem comes when we try to interpret something such as an electron as a particle. An electron is not a particle, it simply doesn't have a definite position. Neither is it a wave. It is a thing that, when we interact with it, in certain circumstances manifests wave-like behaviour, and in other circumstances particle-like. The Heisenberg Uncertainty Principle does not suggest that there is uncertainty because we don't know what is happening, or that the uncertainty arises as a part of the act of measurement, but rather that we can't force particle-like behaviour on an electron. We can approximate it to a limit of the reduced Planck constant, but we can't absolutely perfectly describe it as a particle... because it is not a particle. We understand the maths, and can build engineering solutions based upon it, but we do so without knowing what an electron, fundamentally, is. For example, the apparent contradiction in that it has mass, but it has no physical size. Perhaps we will understand one day, or perhaps our human brains are not wired in such a way to make sense of it. This brings us onto whether the Copenhagen interpretation is perfect (it's not), and whether wave function collapse does actually occur, and then to questions as to the nature of the a priori framework of our perception: time and space. We exist within time and space; it is extremely difficult to define a thing that you exist within and that you have no conception of being outside.



Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on July 27, 2020, 09:52:34 PM
it does not have any exact coordinate in space (defending this point of view, science says that it knows only the area of space in which this particle can be at any point - ONE!!!). Or vice versa, if we know the coordinate of a particle - we have no idea about its physical parameters. So where is the unambiguousness here?
That's how our quantum technology is built, almost blindfolded. And no one is embarrassed by that.

I think there is some nuance here. Quantum properties are well understood from a mathematical perspective; the problem comes when we try to interpret something such as an electron as a particle. An electron is not a particle, it simply doesn't have a definite position. Neither is it a wave. It is a thing that, when we interact with it, in certain circumstances manifests wave-like behaviour, and in other circumstances particle-like. The Heisenberg Uncertainty Principle does not suggest that there is uncertainty because we don't know what is happening, or that the uncertainty arises as a part of the act of measurement, but rather that we can't force particle-like behaviour on an electron. We can approximate it to a limit of the reduced Planck constant, but we can't absolutely perfectly describe it as a particle... because it is not a particle. We understand the maths, and can build engineering solutions based upon it, but we do so without knowing what an electron, fundamentally, is. For example, the apparent contradiction in that it has mass, but it has no physical size. Perhaps we will understand one day, or perhaps our human brains are not wired in such a way to make sense of it. This brings us onto whether the Copenhagen interpretation is perfect (it's not), and whether wave function collapse does actually occur, and then to questions as to the nature of the a priori framework of our perception: time and space. We exist within time and space; it is extremely difficult to define a thing that you exist within and that you have no conception of being outside.


-------
Yes, I agree, it is a good continuation of the dialogue on "what is the world of elementary particles". After all, it is this very material that we are trying to understand and put at the service of us, the representatives of the macro world. And as a matter of fact, so far we cannot understand the nature of the microcosm with the look from the macrocosm.
I am most likely wrong, because my "common sense" resists (as always), but the main difference between our two worlds (macrocosm and microcosm) is that there is one, important, principal mistake in our common sense - mistake of perception of continuity of phenomena and events. The key word here is continuity, in other words, a smooth transition, as we like to say, a continuous flow of our time.
The mistake is precisely that time flows continuously.
This is the first one.
The space around us is the same at any point. It is this feeling, this delusion, that underlies our Euclidean model of geometry (in general, this is the science of the properties of the surrounding space), one axiom of which is the statement that one line consists of points and one line has an infinite number of points. Roughly speaking, having thought a bit about it, such an axiom can take place only in monogamous, homogeneous space.
I suspect that our surrounding space is not homogeneous. It's discrete. At one point, it is. But it's not in the next one. That's why electrons rotate around the nucleus of the atom only in certain discrete orbits. It seems, if I am not mistaken, that energy between two neighboring orbits - is determined by a strictly calculated constant - Planck's constant (I have long taught, I can be mistaken, but this value is called somehow).
Here we go.   Electromagnetic wave. Spreading in space - in one point behaves like an electric wave, in the next one it does not, only as a magnetic wave. Moreover, in some points it is equal to absolute zero. And it's at these points that the magnetic wave has its maximum. I think this is because of the heterogeneous properties of different points in our space. Which means that you can't build an infinite number of identical (namely, this is meant by the term "point") points on one line. Only the finite set.
And since time and space are a single continuum, as well as having other arguments on the subject of "continuity or discreteness of the category "time"" (this is a long subject), I will suggest that our time is as discrete as space. In other words, there are moments when time stands still. And there are moments when time "flows", "exists". Like the heart beats. Like a wave (there are moments when the oscillation of any wave in one measurement system is zero). And that changes everything. It indirectly explains the "observer effect", at least as something, because there is still no clear explanation why the same matter (creatures of the microcosm) choose their existence either as a particle or as a wave depending on who is watching them and when. This is why an elementary particle either has a coordinate or its physical characteristics. But not simultaneously, as we are creatures of the macrocosm. And who says that we have the same parameters (coordinate and weight, for example) - at the same time? If the period of such discreteness is very small, we will never notice it. But this does not mean that there is no such discreteness at all. But in the microcosm - everything is very small, the course of time there is very slow, the electron sees how it rotates around the nucleus of the atom - slowly and steadily (and it rotates through our time at a speed of 200 000 000 meters per second), slowly looks at other electrons of its atom and neighboring ... For such guys - the discreteness of space and time - a way of existence, the visible tissue of existence.
What is all this philosophy for?
And for understanding the seeming "simultaneous" state or finding, the meaning of a qubit: "zero" or "unit". For us, it's simultaneous. And for the discrete space-time continuum it's not simultaneous.
One still has to think, not whether the discrete space-time discrete alternates with the time discrete, how the electric field alternates with the magnetic in light photons - light waves or in radio waves of our phone (which is essentially the same phenomenon, only a different number of oscillations per unit of time, which tells us that the photon is more a wave than a particle, and any particle is an illusion of our perception, and we consist of particles - so we are illusory, we are fantasy, a matrix ...). In other words - in those moments when there is space - there is no time. Or are they simultaneously there, and then they are not there at the same time?
I suspect that here is the key to understanding quantum phenomena, to building new quantum computing technologies.
Maybe, because nobody forbids to think...


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on July 28, 2020, 02:05:37 PM
perception of continuity of phenomena and events. The key word here is continuity, in other words, a smooth transition, as we like to say, a continuous flow of our time.
The mistake is precisely that time flows continuously.
This is the first one.
The space around us is the same at any point. It is this feeling, this delusion, that underlies our Euclidean model of geometry (in general, this is the science of the properties of the surrounding space), one axiom of which is the statement that one line consists of points and one line has an infinite number of points. Roughly speaking, having thought a bit about it, such an axiom can take place only in monogamous, homogeneous space.
I suspect that our surrounding space is not homogeneous. It's discrete. At one point, it is. But it's not in the next one. That's why electrons rotate around the nucleus of the atom only in certain discrete orbits.
A line consists of points and has an infinite number of points. This was explored by Zeno in ~500 BCE, his famous paradoxes of motion - it takes time to travel between two points on a line, but before you can travel to any given point you have to travel halfway to it, before you can travel to that halfway point you need to travel half of the distance to it, etc, to infinity - so it should take an infinite amount of a time to travel a finite distance, because there are an infinite number of intermediary points you must visit first.
The resolution is that velocity always remains finite unless there is an external force applied (Newton's first law). Since velocity is distance/time, the two 'infinities' of an infinite distance taking an infinite time cancel out.
This problem has also been extended to QM as the Quantum Zeno Effect (https://en.wikipedia.org/wiki/Quantum_Zeno_effect), in which by increasing the frequency at which measurements are taken, the evolution of the wave function can be inhibited.
There's also a point of discussion here on the quantisation of spacetime, and how Planck time, the minimum measurable unit of time, could be interpreted. It is the time it takes a thing travelling at the speed of light to travel one Planck length. Space and time, as Einstein demonstrated, are inseparable, we can't define one without the other. 'Spacetime' is the fundamental 'thing' here.

It seems, if I am not mistaken, that energy between two neighboring orbits - is determined by a strictly calculated constant - Planck's constant (I have long taught, I can be mistaken, but this value is called somehow).
Here we go.   Electromagnetic wave. Spreading in space - in one point behaves like an electric wave, in the next one it does not, only as a magnetic wave. Moreover, in some points it is equal to absolute zero. And it's at these points that the magnetic wave has its maximum. I think this is because of the heterogeneous properties of different points in our space. Which means that you can't build an infinite number of identical (namely, this is meant by the term "point") points on one line. Only the finite set.
Yes, Planck's constant. Electromagnetic radiation is quantised. Energy is quantised. The effect of this on the wave function is what leads to only certain energy levels being possible - for an electron in an atom you would need an integer number of complete wavelengths to avoid destructive interference.

And since time and space are a single continuum, as well as having other arguments on the subject of "continuity or discreteness of the category "time"" (this is a long subject), I will suggest that our time is as discrete as space. In other words, there are moments when time stands still. And there are moments when time "flows", "exists". Like the heart beats.
I'm not sure I share the same conclusion. If spacetime is quantised, it wouldn't mean anything to say 'a moment when time flows' or 'a moment when time stops'... because you are defining time in terms of itself.

in the microcosm - everything is very small, the course of time there is very slow, the electron sees how it rotates around the nucleus of the atom - slowly and steadily (and it rotates through our time at a speed of 200 000 000 meters per second), slowly looks at other electrons of its atom and neighboring ... For such guys - the discreteness of space and time - a way of existence, the visible tissue of existence.

In those moments when there is space, there is no time. Or are they there simultaneously, and then not there at the same time?
Relativity and the quantum world are intertwined. The speed of light in vacuum is a universal constant so, counterintuitively, as we increase the speed at which something travels, we simultaneously decrease the amount of time it takes to do so. Length contraction and time dilation are real and experimentally verifiable. If we consider a photon, which is massless and travels at the speed of light... not 'close to', but 'at', then it makes no sense to even discuss time at all. No time passes for a photon, everything is instantaneous. If we imagine a photon emitted billions of years ago, travelling across the entire universe to hit the Earth today, then from the perspective of the photon, across that huge journey, no time passed whatsoever.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on July 29, 2020, 08:48:53 AM
Yes, it is. Here's your last quote.
It's a bit difficult to express your idea precisely in words, as such, without carefully selecting words, and even more so in a foreign language of communication (for me, English is alien).
Still, it's getting interesting.
Here is your final quote. It is correct, until exceptions are found, in the form of speeds greater than the speed of light. When I was talking about the microworld, I was talking about the flow of time there in a general sense, regardless of the speed of the object. I was not referring to the relativistic effect of time slowing down associated with the increase in speed (again, let us specify the speed relative to which reference system: ours or any other? And what if the reference system is moving in the same direction as the object under study, at half its speed?).

My assumption is that for any object of the microcosm, relative to the object of the macrocosm, even in the absence of their mutual relative motion, time in these worlds necessarily flows differently. Absolutely. And it is significantly different.
Besides, space is different. For the macrocosm, it looks like a solid canvas, without holes and gaps. That is how it seems to us. That is exactly what our human illusion is. Euclid's geometry is built on this error. And moreover, physics itself used to be built on this mistake; if you remember, all the great thinkers of our past (and in the past science did not stand out as a separate subject) were searching for the basis of being, the atom, the particle from which the whole of being is built. And they found it. And indeed it was built from it, but the atom turned out to be divisible. And it was when they looked at how to divide the atom, how to divide what constitutes the atom, and so on, that they understood there was no end to this division. And so there is no such very small particle on which our whole world is built. Nature is as infinite in the decreasing direction as it is infinite in the increasing direction. It is infinite in any direction. And that means that in the direction of its cognition by man (and other subjects), knowledge is infinite. And it would be very advantageous for us if the microcosm, far away in its infinity, merged with the macrocosm in its distant infinity. Nature tells us that everything is round. But these are only our delusions. So is the fact that the speed of light is at its maximum. I suspect that, too.
And based on these assumptions, I assume that the space of the microcosm is discrete in its essence, in its nature. Let us remember one of its interesting properties known to physics: the constant birth and "instant" annihilation of completely opposite elementary particles in vacuum (to be more exact, observed in vacuum; most likely it happens everywhere). Well, isn't that the miracle of emptiness? Constantly, continuously, forever forming something out of nothing. Or rather, that is what we think of as "nothing". Obviously, the fabric of space is absolutely not homogeneous. One point is radically different from the one standing next to it, but may have an exact clone in a point standing a little further away. And that means that time is discrete as well. And it means that the metric measurements of the macro-world that we use are not applicable to the micro-world in any way. And it means that the measured speed of elementary particles of the microcosm, through the units of the macrocosm, is both an error and a truth at the same time. After all, any measurement, and especially one such as "speed", is relative. The term "speed" does not mean anything without reference to a coordinate system. And the same is true of mass, time and everything.
Now it's about qubits again. There are two times: the one that flows and the one that stands still and does not flow. There is a discreteness of everything, and of space. Photons, like all elementary particles, are "seeing" their environment. The discreteness of space and time is not always in the same phase at one point. Sometimes it is in phase. It is a single cell of being. Sometimes there is a second cell of being in counter-phase. Sometimes, in a phased random state, it is the next cell of being. Discreteness implies instant transition from one cell to another. With a speed greater than the speed of light, otherwise it is not discrete but analogue.
From such a model of being, the simultaneous state of a qubit and other phenomena of quantum mechanics can be seen from an entirely different angle. We therefore spend effort (we freeze) on the extraction of elementary particles that are not in that system of cells of space which creates the quantum computer. It's like trying to drive a ship far out in the ocean with a stick from the shore. You can only control the ship from the ship itself. It's about the same with quantum technology today...


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on July 30, 2020, 08:59:55 AM
It's a bit difficult to express your idea precisely in words, as such, without carefully selecting words, and even more so in a foreign language of communication (for me, English is alien).
I am very impressed that you are able to discuss quantum physics in a second language! For me, it would be impossible.

But these are only our delusions. So is the fact that the speed of light is at its maximum. I suspect that, too.
Science advances by teaching us that our previous truths were inaccurate or mere approximations. Perhaps we will find a way to exceed the speed of light, although this is speculative in the extreme. It may need negative mass/energy... but at present is limited to thought experiments.

time in these worlds necessarily flows differently. Absolutely. And it is significantly different.
I don't think there is such a thing as absolute time. It can only have meaning within a reference frame. Certainly time from the perspective of an elementary particle is utterly different to time as experienced by a human in everyday life.

Let us remember one of its interesting properties known to physics: the constant birth and "instant" annihilation of completely opposite elementary particles in vacuum (to be more exact, observed in vacuum; most likely it happens everywhere). Well, isn't that the miracle of emptiness? Constantly, continuously, forever forming something out of nothing. Or rather, that is what we think of as "nothing". Obviously, the fabric of space is absolutely not homogeneous. One point is radically different from the one standing next to it, but may have an exact clone in a point standing a little further away.
Particles and waves are often discussed (by me, too), but these are just convenient representations. An elementary 'particle' can perhaps best be considered as an excitation of a quantum field (Quantum Field Theory (https://en.wikipedia.org/wiki/Quantum_field_theory)). It is fields that underlie everything. If we think of the Higgs boson as being the particle that gives other particles their mass, then this becomes difficult to conceptualise. If we think instead of the Higgs field, it becomes more explicable.

Consider neutron decay. A neutron does not contain a proton and an electron that somehow burst out from it; it is rather that a change in the excitation of the neutron field causes changes in the proton and electron fields. There are no particles, there are no waves, there is simply 'particle-like' and 'wave-like' behaviour which is the result of changes in fields.
https://www.nuclear-power.net/wp-content/uploads/2015/01/free_neutron.png


And it means that the metric measurements of the macro-world that we use are not applicable to the micro-world in any way. And it means that the measured speed of elementary particles of the microcosm, through the units of the macrocosm, is both an error and a truth at the same time. After all, any measurement, and especially one such as "speed", is relative. The term "speed" does not mean anything without reference to a coordinate system. And the same is true of mass, time and everything.
I would say that the perturbations of the micro average out to the macro. Similar to how if you look at bitcoin price from minute to minute, you get a jagged line... but look at it over a period of years, and the noise smooths out into an overarching pattern.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on July 31, 2020, 02:54:06 PM
Let us return to the terms of physics: "elementary particle" and "wave" (or wave function of the corresponding field).
I see the main obstacle to our mutual, common, better understanding of these phenomena: 1) in words, in terms. They seem to have an exact designation. What is difficult here? One reads the definition of the term, what is meant by the word, and uses it as intended. But it's not that simple. Words on the one hand unravel the question and explain it, and on the other hand leave anchors that cannot be raised so that one can float on. I think this comes from the fact that all definitions, all interpretations of certain terms, are based on our language's syntax, our three-dimensional macro-metric thinking, and on our genetic memory, which makes everything that exists be viewed from the perspective of: birth; growth; development; dying; disappearance. It seems to me that such a syntax, such thinking, is absolutely inapplicable to the microcosm. And hence the second reason preventing a better understanding (the first is 1)): 2) we consider, we say, that a particle is formed (born) from another particle or... it doesn't matter. Well, nothing seems to be right: it was not there and it was formed, we say "born". But if we change this term to a similar one, to a synonym, for example: it was born (formed) - manifested. At first glance, a game of words and nothing serious. And if you think about it, the term "has appeared" means that it was, is and will be, but it had not manifested in our world until now, and then suddenly it has. Let me give you a good example. Astronomers have found a new star. It did not appear at the moment when it was found; it existed before that moment, but after it was found it is as if, for us, for science, it has appeared. And then the term "born" is totally unacceptable. Only the term "manifested", in terms of our knowledge of the stars. Now let's get back to our particle waves.
If we suppose that this phenomenon exists "always", but for us, for the observer, the particle manifested itself at some moment, it means that its existence before that was not noticed by us, not that it was "born", as for example the electron from the neutron in the formation of a proton. The question now is different. What made it manifest itself? And here we approach our new view of the world: only slightly changing the words describing observed phenomena, we come to surprising conclusions:
1. All particles, all fields, everything that exists is always there;
2. Something is now available to us for observation, and something is no longer available or not yet available;
3. our three-dimensional world is only a part of the big world where the particles and fields we observe exist;
4. their manifestation in our world is only partial; the phenomenon itself is much deeper and more than is available to us to observe.
The electron has to appear in our world when the proton appears from the neutron, because for our model of reality it is necessary to observe the conservation law (in this case of electric charge). For the value of the negative charge of the electron is exactly equal to the value of the positive charge of the proton. It (the electron) went to work (manifested) not because it was in the neutron, but because now it was its turn to manifest here in our reality.
What do you think: replacing one word, "birth", with another, "manifestation for us"? It seems that both words are about the same thing, and yet absolutely opposite conclusions about the structure of the world can be drawn. In the first model of the world, the electron should have been present in the neutron, and in the second model it is not necessary for it to be there, though nobody forbids it.

Now let us return to my assumption that time and space are discrete. Let the moment when time and space exist for us, or we exist and move in them, be "1". And the state of this continuum when our time and space stop is "0". For simplicity of modeling, "1" for space and "1" for time occur simultaneously, which means in one phase. Therefore, in such a model of existence, our entire conscious life has a discrete nature that has not been noticed by us. That's fine.
Now let's try to find a confirmation of this by looking at the phenomena known, but not explained by science, from this point of view.
Let us return to the perpetrators of this conversation, our wave particles.
Everybody from school (we were told it in the school of secondary general education) knows the pronounced "observer effect". Let me remind you of the essence of the experiment. When a bunch of electrons (I deliberately do not specify a particle or a wave) were passed through a dispersive lattice (a physical slot, lumen, hole, very narrow relative to the size of the electron), then:

- If this experience, this experiment, simultaneously with the experiment itself, was controlled by an external observer (a person with devices), then on the control surface, located on the path of electrons and located behind the disperse lattice - there is a distribution of electron hit probability characteristic of a particle;
- if this experience is not observed by an external observer, then distribution of the same electrons on the same control surface has a probability peculiar to a wave, not to a particle (visually it is a saturated wide band in the centre, and on the sides it is a smaller and less wide and saturated band - in physics this is called, it seems, an interference wave pattern).   

Now observe the thought. We live in the world of "1". The electron is in both worlds, both the "1" and the "0". If we observe it from the world "1", it makes a picture of our world for us, the world "1": it is a particle, the picture of probability saturated in the center and smoothly fading toward the edges.
If we do not observe, the world "0" acts and the electron shows itself as a wave, as a phenomenon of the world "0". By our presence, by our observation, by our thought and word, we show the world "1", the world of human consciousness and not only. In metaphysics it is called the first attention or the manifested world. The world "0" is called the "unmanifested world", or the second attention of a human being. It is those people who have the second attention that see a more complete, miraculous and completely different picture of the world than those people who have only the first attention, the scientific view from our conscious three-dimensional spatial reality. By the way, who said that time can only flow forward? Or only forward and backward? And at an angle? If you think broadly, time can have as many dimensions as space. There are so many worlds, so many uninhabited.

I mean, when you build technologies for quantum systems with only the materials of the world "1", for particles that exist in many worlds at once, you always need a huge amount of energy. Does man get a good, advanced result when he still uses such ancient methods of working with other worlds, such as lowering the temperature and so on...


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on August 01, 2020, 01:43:05 PM
1. All particles, all fields, everything that exists is always there;
2. Something is now available to us for observation, and something is no longer available or not yet available;
3. our three-dimensional world is only a part of the big world where the particles and fields we observe exist;
4. their manifestation in our world is only partial; the phenomenon itself is much deeper and more than is available to us to observe
2,3 and 4 - yes.
1 - yes if we remove the 'all particles' bit.

If we look at quantum field theory, at what we perceive as 'waves' and 'particles' actually being manifestations of underlying fields, then it becomes more intuitive. All fields are everywhere, always. The electron field is a property of spacetime, and has a value everywhere within spacetime. Under certain conditions, in certain spatio-temporal instances, the excitation of this field is sufficient to manifest as an electron. But there is no 'electron', there is only the state of the field. We can see this is true if we consider the manifestation of virtual particles. A virtual particle is a more temporary excitation of the field, which does not quite manifest as a 'particle', but nevertheless can be said to exist and indeed is proven to exist, as for example the mediator of electromagnetism. Consider also quantum chromodynamics, and the mechanism by which a proton or a neutron is held together, by the strong force, mediated by gluons, which are virtual, which are a representation of the excitation of the gluon field. All fields can be said to exist everywhere in space and everywhere in time, nothing is created or destroyed, there is only a change in quantum excitation.

Now let us return to my assumption that time and space are discrete.
It does seem likely, if the way that spacetime fields manifest is discrete and quantised, that spacetime itself is discrete and quantised, and can have a minimum unit. However... we can't prove this, it may be just a mathematical convention to remove troublesome infinities. I doubt we will have an answer to this question until we have a proper unification of quantum theory and gravity.

- If this experience, this experiment, simultaneously with the experiment itself, was controlled by an external observer (a person with devices), then on the control surface, located on the path of electrons and located behind the disperse lattice - there is a distribution of electron hit probability characteristic of a particle;
- if this experience is not observed by an external observer, then distribution of the same electrons on the same control surface has a probability peculiar to a wave, not to a particle (visually it is a saturated wide band in the centre, and on the sides it is a smaller and less wide and saturated band - in physics this is called, it seems, an interference wave pattern).    

Now observe the thought. We live in the world of "1". The electron is in both worlds, both the "1" and the "0". If we observe it from the world "1", it makes a picture of our world for us, the world "1": it is a particle, the picture of probability saturated in the center and smoothly fading toward the edges.
If we do not observe, the world "0" acts and the electron shows itself as a wave, as a phenomenon of the world "0". By our presence, by our observation, by our thought and word, we show the world "1", the world of human consciousness and not only. In metaphysics it is called the first attention or the manifested world. The world "0" is called the "unmanifested world", or the second attention of a human being. It is those people who have the second attention that see a more complete, miraculous and completely different picture of the world than those people who have only the first attention, the scientific view from our conscious three-dimensional spatial reality. By the way, who said that time can only flow forward? Or only forward and backward? And at an angle? If you think broadly, time can have as many dimensions as space. There are so many worlds, so many uninhabited.
Yes. The double-slit experiment is the essence of quantum mechanics and its implications are profound. The Copenhagen Interpretation may be the standard, but is not without its flaws. Your interpretation sounds closer to Everett's 'many worlds' view, which is perfectly legitimate.
The question of whether time can only flow forward is an interesting one. This obviously has implications for entropy. Obviously we have no way as yet to prove or disprove anything in this regard.

particles that exist in many worlds at once
Again, we have no answer here. Is the world or the field more fundamental? If a quantum wave function can collapse to an outcome of 0 or 1, then in 'many worlds' both outcomes occur, we have a universe where the result is 0, and a universe where the result is 1. We have two universes. But can we say we now have two 'particles', one that gives a 0 and one that gives a 1, or is this the same 'particle', the same field, a single field manifesting across universes?


Thank you again for the discussion, by the way. And again - it is impressive that you are able to discuss this in a second language!


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on August 06, 2020, 09:20:18 AM
It is interesting to communicate with a competent interlocutor who has his own views.
Let's put our knowledge of the micro-world together again and think. Because it is at this level of being that quantum phenomena occur, which we want to use to solve our problems. 
1) Note that the whole space of the microcosm is an endless fireworks of birth and annihilation of particles. There is an impression that it is not only not homogeneous, but also does not have its stable, calm state. It is the same as life, if we classify the term "life" in terms of energy processes. Space is reminiscent, by all its attributes (and hence time too, if their continuum has no breakpoints; that is still an open question), of a living essence. Energetically, it is a continuous converter of one energy into another; there is no peace, there are no "silent" points, there is something similar to our evolution. I can imagine what it looks like when you look at this phenomenon from below, from the microcosm itself. It's a slow and majestic fireworks, a salute, an endless holiday of "life", special and incomprehensible to us. Yes, I hope you haven't forgotten that in the microworld, time is different. And these beautiful "salutes", these endless processes of birth and annihilation of all things (particles, for example) around the observer - are slow, not as fast as it seems to us when we look at it from the microcosm. It must be beautiful.
2) Let us add to this picture the atom next to it. What strikes me in it is order and infinity. All atoms have one law of structure. The disintegration of an atom into its constituents is infinite; the microworld can decrease infinitely (this is an assumption, a fantasy, a feeling). And also the electrons which rotate around the nucleus: only 2 in one atomic orbital (the Pauli exclusion: no more than 2) and only with different spins. After all, it is the spins of the particles that we use in quantum systems. And here's the rule. And there's one more thing. In the theory known to me, the orbitals of one sublevel of the atom are always, at first, filled with electrons with the same spins (Hund's rule). But why is that? And again, these laws are about the same "our" spins of particles. Isn't it a reason to think why the electron in the atom always pulls its brother by the spin? How does the atom know which spin the incoming electrons have? It's something like a system of accounting, control, a program. It's like a computer: what the programmer wrote, it did. There's not a single one who's dissatisfied. It's like a prison for space... Or are atoms prison cells for free, living space?
By the way, I couldn't find an answer to the question, maybe you know: is the birth and annihilation of particles discussed here, observed in "empty" space in a vacuum, possible at the points occupied by the atom? It is fundamental to know this in order to correctly develop the point of view proposed here.
3) Yes, looking with the eyes of a creature from the macrocosm, there is no space inside the atom, or it is fundamentally different from what is outside the atom. The atom itself is empty; it is actually a huge volume of emptiness filled with small particles. Approximately, if the nucleus of the atom is the size of a football and the electron is the size of a large apple, the distance to the nearest s-electrons of the level will be about 30 km. That's only to the closest ones. Well, isn't that an empty space? The question is, is it as empty as outside the atom, or different? In other words, is it the same space, with the same properties as outside the atom, or not?
4) All electrons inhabiting the atom, and there can be many of them, always spin in strictly defined orbits. The question is: in case there is no electron in an orbit, is the space of this orbit the same as the rest of the space inside the atom, those places inside the atom where electrons never are and never can be?
No matter how I mentally build a model of an atom with homogeneous properties of space inside the atom and homogeneous properties of space outside the atom, I do not get a coherent model. But as soon as I assume that space is discrete everywhere, inside and outside the atom, the model built looks more attractive.
Yes, and why is what is inside the atom so critical precisely to the spin of the electron, precisely to the physical characteristic of the particle which is used by man for quantum models of the computer, the Internet and other things?
And if we fantasize, is it possible to construct a model of a quantum computer using other quantum characteristics of elementary particles?
Building a quantum Internet using anything other than the photon's spin is possible if there are other quantum properties connecting particles. And are there such?
I will note that the spin of an electron is a rotation.
Note that everything around, in the universe, necessarily spins.
And here's the question for the theory of relativity. The point which is on the surface of a rotating object has a higher linear speed relative to the center than the point which is near the axis of rotation. For these two points, does time flow differently or not?
Before answering, take into account the fact that the rotating object has its own linear speed relative to other objects. Which means that its time is different from theirs. The time of a moving object flows slower relative to the one that is at rest. This is understandable. And what can be the definition of time for our 2 points of the same object that has its spin (rotation), for a point on the surface and a point on the axis of rotation? What is their time relative to an object moving past them with a large linear speed?
If time is split and the answers are different relative to the reference point, then the answers are easy to give; you can even calculate them.
And if time is different for all, and time is in a continuum (allegedly inseparable) with space, then not only is time different for these points, but also the space in which they exist. And this is a journey to other worlds...


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on August 07, 2020, 08:34:52 AM
the whole space of the microcosm is an endless fireworks of birth and annihilation of particles. There is an impression that it is not only not homogeneous, but also does not have its stable, calm state. It is the same as life, if we classify the term "life" in terms of energy processes.
Yes. 'Empty' spacetime still has a minimum vacuum energy, as described by Heisenberg's uncertainty principle for time and energy (rather than as we normally use in quantum physics, position and momentum). The 'endless fireworks of birth and annihilation' (which is a really nice description, by the way) is simply a manifestation of what spacetime is, with the quantum fields that are properties of spacetime.


these endless processes of birth and annihilation of all things (particles, for example) around the observer - are slow, not as fast as it seems to us when we look at it from the microcosm. It must be beautiful.
Yes, it would be truly profound to be able somehow to 'see' this happen. I have been lucky enough in the past to be given particle traces from CERN to analyse, and it is remarkable to see the evidence in front of your eyes, even if it is  just a record of what has happened, rather than seeing it first-hand.


The disintegration of an atom into its constituents is infinite; the microworld can decrease infinitely (this is an assumption, a fantasy, a feeling).
I'm not sure I agree. As far as we know, of the protons, neutrons and electrons that sit within an atom, the electron is a fundamental indivisible particle (I am simplifying again, meaning particle as the manifestation of the relevant underlying quantum field). Protons and neutrons are composite particles, built of quarks (which are fundamental). The quarks are held together by the strong nuclear force, which is mediated by (virtual) gluons. As far as we know, there is no further division possible beyond this point - and indeed this fits with the laws of physics as described by the standard model.

And also the electrons which rotate around the nucleus: only 2 in one atomic orbital (the Pauli exclusion: no more than 2) and only with different spins. After all, it is the spins of the particles that we use in quantum systems. And here's the rule. And there's one more thing. In the theory known to me, the orbitals of one sublevel of the atom are always, at first, filled with electrons with the same spins (Hund's rule). But why is that?
As far as I'm aware, Hund's 'bus seat' rule works because the lowest energy state is the one that maximises spin. So it is just 'easiest' (or 'most efficient') for the subshell to be singly occupied before the electrons start pairing up (because doubly occupied +1/2 and -1/2 equates to net zero spin).


By the way, I couldn't find an answer to the question, maybe you know: is the birth and annihilation of particles discussed here, observed in "empty" space in a vacuum, possible at the points occupied by the atom? It is fundamental to know this in order to correctly develop the point of view proposed here.
When we talk about spontaneous birth and annihilation (as we have above), we are referring to the energy-time uncertainty inherent to the universe, as described by Heisenberg. We are talking about the uncertainty associated with an absolute minimum energy state, and the fact that this is non-zero. We must also consider that these quantum fluctuations manifest as virtual particles (i.e., they can't be detected directly), and that they do so only for an extremely brief timespan. If we then consider the region of spacetime that is within an atom, then we are no longer talking about a minimum vacuum energy. However, the uncertainty still remains, but it is uncertainty above that tiny non-zero limit. It gets difficult when we start considering virtual particles, when really all we are talking about is a field fluctuation.


Looking with the eyes of a creature from the macrocosm, there is no space inside the atom, or it is fundamentally different from what is outside the atom. The atom itself is empty; it is actually a huge volume of emptiness filled with small particles. Approximately, if the nucleus of the atom is the size of a football, the electron is the size of a large apple, and the distance to the nearest s-electrons of the level will be about 30 km. That's only to the closest ones. Well, isn't that an empty space? The question is, is it as empty as outside the atom or not? In other words, is it the same space, with the same properties as outside the atom, or not?
No, it's not empty space. Or, it's only empty space if we consider electrons, quarks etc as actually being particles, as being little dots with a physical size. When in fact, we know that the 'particle' has a wave function, and what we think of as a 'particle' is simply a classical outcome of the wavefunction resolving to a discrete point. But quantum field theory describes it more eloquently. Everything that we see, everything that exists, is the relationship between perturbations of all of the quantum fields that exist as a part of spacetime. So 'empty space' within an atom is not the same as 'empty space' outside, because we have the wavefunction, because we have the electroweak force, because we have the strong force mediated by virtual gluons, and because these forces are fluctuations of quantum fields at that local point within the atom. Additionally, when we say 'if the atom is the size of a football field, the electron is the size of a large apple', what we actually mean is I think that if the atom is a football field, then the minimum resolvable unit of space as determined by Planck is the size of an apple. We can't ever say that the electron has a 'size' as such.


And if we fantasize, is it possible to construct a model of quantum computer using other quantum characteristics of elementary particles?
To build a quantum Internet using anything other than the photon's spin is possible if there are other quantum properties connected between particles. And are there such?
A qubit is just the fundamental unit of quantum information, so in theory any quantum property that resolves to two classical outcomes can be used as a qubit. Electron spin. Photon polarisation.


I will notice that the spin of an electron is a rotation.
Note that everything around, in the universe - necessarily spins.
And here's the question for the theory of relativity. The point which is on the surface of the rotating object has a higher linear speed relative to the center than the point which is near the axis of rotation. For these two points - time flows differently or not?   
Before answering, take into account the fact that the rotating object has its own linear speed relative to other objects. This means that its time differs from theirs. The time of a moving object flows slower relative to the one that is at rest. This is understandable. So what can the definition of time be for our 2 points of the same object that has its spin (rotation), for a point on the surface and a point on the axis of rotation? And what is their time relative to an object moving past them at high linear speed?
I think the term 'spin' as applied to an electron is just a description of its state, and does not refer to an electron actually rotating. It is an expression of the electron's inherent angular momentum. Firstly, electrons have no size (as far as we know), secondly, they are not physical objects, but rather field fluctuations. I don't think we can say that an electron rotates. However I certainly agree that time flows differently from the perspective of an electron.
This is all complicated by the fact that we have no real way as of yet of linking quantum mechanics with relativity.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on August 08, 2020, 08:56:12 AM
Development and quantum technology are moving forward much faster than we think.  A powerful quantum computer will be built soon. There's even a contract with a serious organisation, as it turns out.
Information about real achievements in this field of knowledge is not disclosed to us, partly hidden from a wide range of readers.  This is what makes me think of the next news in the media.
The Office of Advanced Research Projects of the U.S. Department of Defense (DARPA) has signed a contract with ColdQuanta to build a new quantum computer. 
As we've been informed, building a quantum computer for 1000 cubic meters will be possible in the coming decades. But, based on what we're told, the deadline for creating such a computer has already come today. Here is what is reported on the details of this new quantum project:
 - according to the words of Bo Ewald, CEO of ColdQuanta, within the next 40 months, under the terms of this contract, a machine will be created, which will consist of 1000 (one thousand!!!!) cubits, and it will be able to make the necessary calculations... to create medicines and... (not interesting and not true) - to crack the ciphers.

All this suggests that fans and users of modern key cryptography have no more than 40 months (less than two years) left to change all their software, from operating systems to bitcoins. I'm not talking about the most asymmetric encryption anymore. And this applies to any end-to-end encryption model that we all use, in almost all communications solutions, because all of these technologies are built on asymmetric encryption methods in the phase of matching the shared key for symmetric encryption systems with the variable session key.

In 40 months' time, the era of quantum cryptography for the strong world and keyless encryption for the common people will begin.
If much is said about quantum cryptography, then keyless encryption methods are considered fiction and are not worthy of public attention.

However, I don't think so. For those who want to make a journey into the possible future of keyless encryption methods, I recommend looking at this forum: https://bitcointalk.org/index.php?topic=5204368.0 (a lot of my posts there were removed by the administration, so the sequence of thought was broken).
or this project: https://toxic.chat/.

The fact is that once a 1000 cubic meter quantum computer is created - the growth of computing power of new quantum computers - will not stop. The next one may be 10 000 cubic meters and so on.

Everything is moving much faster than we think.
And even the postulate about impossibility of speed exceeding the speed of light in a vacuum is only a temporary mistake. This ban was found by one man, Einstein. One genius - against all the others who stubbornly looked only at the official scientific line.
You can understand them. It's convenient. It's prestigious, scientific titles, respect, certainty. But you find one against all, and he wins this battle. Now everybody, just as they've always been used to it, is sticking to this official line of science. It's the same with quantum technology, too. But it's not as real as we think it is.
There's also one madman who will win the next battle, one against all, and give mankind a speed greater than the speed of light, much greater...
By the way, what is the speed of interaction of connected photons, given that this phenomenon is used in the construction of a closed communication channel protected by methods of quantum cryptography? Isn't this speed greater than the speed of light? I have heard that the speed of this interaction between bound photons absolutely does not depend on the distance between these photons. Isn't that proof of a speed greater than the speed of light?

Additionally, about the quantum paradoxes of our world, which we are successfully learning, I'll tell you later.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on August 08, 2020, 04:08:29 PM
- according to the words of Bo Ewald, CEO of ColdQuanta, within the next 40 months, under the terms of this contract, a machine will be created, which will consist of 1000 (one thousand!!!!) cubits, and it will be able to make the necessary calculations... to create medicines and... (not interesting and not true) - to crack the ciphers.

All this suggests that fans and users of modern key cryptography have no more than 40 months
I can't find a ton of detail on the proposed ColdQuanta machine, but a couple of things lead me to think this will pose zero threat to cryptography. First is the name Bo Ewald - he is famous as the president of D-Wave, which is a quantum annealer rather than a general purpose QC. Second is the quote below:

Quote
The objective is to show quantum advantage of quantum-hybrid systems over classical systems for a range of difficult combinatorial optimization problems including resource allocation, logistics, and image recognition.
https://www.hpcwire.com/off-the-wire/coldquanta-awarded-contract-7-4m-darpa-cold-atom-quantum-computers/

The key phrase here is 'combinatorial optimization problems'... which is pretty much a giveaway that we are talking about a quantum annealer.
The way these work is that when the problem is modelled, the annealer searches across the energy landscape for an absolute minimum... however in practice they often find a local minimum instead. So they are no good for finding the single solution to a problem, they are no good for running Shor's algorithm to break asymmetric cryptography, instead they can be used for problems where what is needed is simply a 'good enough' answer (a local energy minimum). These are travelling salesman type problems. Combinatorial optimisation. A quantum annealer can be incredibly useful for a certain use case. But it is no threat to bitcoin.
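
The local-minimum behaviour described above, as an added classical illustration (this is not code from the thread or from any annealer vendor; the landscape, position range and helper names are constructed for the demo). Simulated annealing is the classical analogue of the energy-landscape search: it accepts uphill moves with a probability that shrinks as the "temperature" cools, then settles into whatever minimum it is nearest. Exhaustive search gives the single exact answer for comparison, which is the kind of answer a factoring problem needs and a heuristic search does not guarantee.

```python
import math
import random

# Constructed toy "energy landscape": a wide bowl plus a ripple, giving many
# local minima and one global minimum. An added illustration only; it models
# no real annealer hardware.
N = 100  # candidate positions 0..N-1


def energy(x: int) -> float:
    return (x - 70) ** 2 / 100.0 + 3.0 * math.cos(x / 2.0)


def is_local_minimum(x: int) -> bool:
    """True when no neighbouring position has lower energy."""
    left = energy(x - 1) if x > 0 else math.inf
    right = energy(x + 1) if x < N - 1 else math.inf
    return energy(x) <= left and energy(x) <= right


def global_minimum() -> int:
    """Exhaustive search: the exact answer, found by checking every position."""
    return min(range(N), key=energy)


def anneal(start: int, seed: int, steps: int = 1000, t0: float = 2.0) -> int:
    """Simulated annealing: a random walk that accepts uphill moves with
    probability exp(-dE/T) while T cools linearly to zero, followed by a
    greedy quench so the reported answer is always a settled minimum."""
    rng = random.Random(seed)
    x = start
    for k in range(steps):
        t = t0 * (1.0 - k / steps) + 1e-9  # linear cooling schedule, never zero
        cand = min(N - 1, max(0, x + rng.choice((-1, 1))))
        delta = energy(cand) - energy(x)
        if delta <= 0 or rng.random() < math.exp(-delta / t):
            x = cand
    while True:  # quench: walk downhill until no neighbour is lower
        lower = [n for n in (x - 1, x + 1) if 0 <= n < N and energy(n) < energy(x)]
        if not lower:
            return x
        x = min(lower, key=energy)


def success_rate(seeds: range, start: int = 5) -> float:
    """Fraction of annealing runs that land on the true global minimum."""
    best = global_minimum()
    hits = sum(1 for s in seeds if anneal(start, s) == best)
    return hits / len(seeds)


if __name__ == "__main__":
    best = global_minimum()
    print(f"global minimum at x={best}, energy={energy(best):.3f}")
    for s in range(5):
        r = anneal(5, s)
        tag = "global" if r == best else "local only"
        print(f"seed {s}: settled at x={r} (energy {energy(r):.3f}, {tag})")
    print(f"hit rate over 50 seeds: {success_rate(range(50)):.0%}")
```

Every run returns a valid local minimum, so as a "good enough" optimiser the routine always succeeds; only some runs return the global one, which is the distinction between a heuristic optimiser and an exact algorithm such as Shor's.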



And even the postulate about impossibility of speed exceeding the speed of light in a vacuum is only a temporary mistake. This ban was found by one man, Einstein. One genius - against all the others who stubbornly looked only at the official scientific line.
You can understand them. It's convenient. It's prestigious, scientific titles, respect, certainty. But you find one against all, and he wins this battle. Now everybody, just as they've always been used to it, is sticking to this official line of science. It's the same with quantum technology, too. But it's not as real as we think it is.
There's also one madman who will win the next battle, one against all, and give mankind a speed greater than the speed of light, much greater...
Relativity is experimentally verifiable. We can't really say it's the word of one man, when the effects are proven and reproducible. I'm not saying we'll definitely never find a way to travel faster than light, but the evidence at the moment is that this is the absolute limit. The effects on time and space are well known and, as I say, verifiable. It would require infinite energy for a thing with mass to hit light speed. Additionally, if object A and object B are moving away from a stationary observer in opposite directions, both travelling at c, then the relative speed of one to the other is not c+c=2c, it's c... the answer to the apparent discrepancy lying with time dilation.

By the way, what is the speed of interaction of connected photons, given that this phenomenon is used in the construction of a closed communication channel protected by methods of quantum cryptography? Isn't this speed greater than the speed of light? I have heard that the speed of this interaction between bound photons absolutely does not depend on the distance between these photons. Isn't that proof of a speed greater than the speed of light?
Photons are massless and travel at the speed of light. This means that from the perspective of the photon, time does not pass. The distance from the Sun to the Earth is around 8 light minutes. This means that when you see the Sun, you are seeing it as it was 8 minutes ago, because the photons from the Sun travel at the speed of light. If the Sun were suddenly to go out, we would not notice this for 8 minutes. If instead we consider photons moving between two points on Earth, the distance is so small to make it effectively instantaneous.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on August 10, 2020, 12:28:48 PM
About the 1000cc quantum computer - you're right, maybe that's not what it says. But then it's completely unclear why the US Department of Defense (DARPA) not only signed such a contract, but also made this information public.

But the photon: how it is arranged, why it is arranged in such a way, and how to find the optimal way to control its nature for solving our computational problems - this captivates me, and I can continue the discussion.

I wonder what is the speed of interaction of two connected photons from the viewpoint of our macro-world, our three-dimensional in space and one-dimensional in time world? If it were the speed of light, then this interaction would be tied to the distance between the photons. But I read that there's no difference in the distance between the photons in our world.
I specifically wrote "in our world", meaning that perhaps there is another world in which these same linked photons look completely different.

A photon is not only a particle, a standing wave of light-spectrum electromagnetic waves, but also thermal radiation, another spectrum of electromagnetic waves. Everywhere, similar or not, they are photons.
And which photon (which spectrum of electromagnetic wave oscillations) is used in quantum computers, I have not found anywhere.
This massless particle has no rest mass, but has mass when moving. It follows from the fact that, according to the formulas of the theory of relativity for energy and momentum, the speed "v" of a particle is determined through its momentum p, mass m and the speed of light with the ratio where E=mc² is the energy of the particle. It follows that they cannot be in a state of zero energy.
It also follows that the spin values of mass-free particles can only be integer or half-integer.

Therefore all "mass-free" particles should move only at the speed of light. And that's why they all seem to have mass, because of the speed of light.
That's why light and any electromagnetic radiation has a gravitational interaction, and is therefore attracted by massive objects of the macro-world. That is how old Einstein became famous and received confirmation of his theories, when at the moment of a solar eclipse the deviation of a light beam emitted by a star and passing near the Sun was recorded.
History writes that he woke up famous on that day. And so, all his life proving, almost without success, that he was right.
That's what I meant when I wrote "one against all".
But in reality there were 3 people (he was then supported by Lorentz and Poincaré).
For example, the thermal radiation inside a litre container weighs approximately one carbon atom.
The mass of radiation grows rapidly with temperature, but only at one billion degrees does it compare in density with our usual substance.
The term "mass-free" does not accurately reflect the nature of this particle. Due to the principle of equivalence of inertial and gravitational masses, all mass-free particles participate in the gravitational interaction.

For our topic it is interesting that any objects that are in a free state in a superposition of any 2 of their states can have the properties of a qubit. It is interesting why a photon was chosen for a quantum computer. Although I understand why photon spin was chosen as a measurement parameter, because this parameter in "mass-free" particles can have only integer values. But why the photon? It's very difficult to work with it: cooling it, protecting it, short decoherence time and so on.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on August 11, 2020, 08:21:16 AM
About the 1000cc quantum computer - you're right, maybe that's not what it says. But then it's completely unclear why the US Department of Defense (DARPA) not only signed such a contract, but also made this information public.
A quantum annealer - if it is indeed an annealer, I am only speculating - is still very useful. It is perfect for solving certain types of problems, and doing so exponentially faster than a classical computer. This 1000 qubit annealer could be an important advancement... it's just that it's no threat to asymmetric cryptography.


I wonder what is the speed of interaction of two connected photons from the viewpoint of our macro-world, our three-dimensional in space and one-dimensional in time world? If it were the speed of light, then this interaction would be tied to the distance between the photons. But I read that there's no difference in the distance between the photons in our world.
I specifically wrote "in our world", meaning that perhaps there is another world in which these same linked photons look completely different.
I think the speed of interaction would always be light speed. The speed of a photon from a normal human perspective is c. As for the speed of a photon from the viewpoint of another photon, well, this is problematic. I don't think we can say that a photon sees another photon moving at c, or at a proportion or c, or even, for two photons travelling in the same direction, that they each see the other as having zero relative velocity. The reason we can't say this, is because the perspective of a thing travelling at c is the limiting case. No time passes for a photon. A photon regarding another photon sees simply a thing, not a thing that moves in time.


A photon is [...] The term "mass-free" does not accurately reflect the nature of this particle. Due to the principle of equivalence of inertial and gravitational masses, all mass-free particles participate in the gravitational interaction.
I agree with your explanation of a photon, which I have truncated here. Yes, when we say it is 'massless', we are referring to it having zero rest mass. The problem is complicated because we have no proper relativistic theory of quantum mechanics. For QM, a photon is massless. For relativity, a photon has zero rest mass, but does have relativistic mass.
E=mc² expands out to: E² = p²c² + m_rest²c⁴, where p = m_rel·v

But we can't talk about relativity from the perspective of quantum mechanics, because we don't yet have a proper marriage of the two theories.


And which photon (which spectrum of electromagnetic wave oscillations) is used in quantum computers, I have not found anywhere.
Boson sampling is one approach:

https://www.scientificamerican.com/article/quantum-computer-made-from-photons-achieves-a-new-record/
Quote
Boson sampling can be thought of as a quantum version of a classical device called the bean machine. In that device, balls are dropped onto rows of pegs, which they bounce off of, landing in slots at the bottom. The random motion of the balls typically leads to a normal distribution in the slots: most balls fall near the center, and fewer fall toward the sides, tapering off at the edges. Classical computers can easily simulate random motion to predict this result.

Boson sampling replaces the balls with photons and the pegs with optical devices such as mirrors and prisms. Photons are fired through the array and land in a “slot” at the end, where detectors register their presence. Because of photons’ quantum properties, a device with just 50 or 60 photons could produce so many different distributions that classical computers would take billions and billions of years to forecast them.

But boson sampling can predict the results by carrying out the task itself. In this way, the technique is both the computational problem and the quantum computer that can solve it.
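
The two relativity formulas from the replies above, worked through numerically: the velocity addition behind "c+c is not 2c, it's c", and E² = p²c² + m_rest²c⁴ with p = m_rel·v, which for a particle of zero rest mass collapses to E = pc (momentum, and hence gravitational interaction, without rest mass). This is an added example, not code from the thread or its posters; the function names and the sample electron mass are choices made for the demo.

```python
import math

C = 299_792_458.0  # speed of light in vacuum, m/s (exact by definition of the metre)


def add_velocities(u: float, v: float, c: float = C) -> float:
    """Einstein velocity addition: w = (u + v) / (1 + u*v/c^2).
    Never exceeds c; with u = v = c the result is exactly c, not 2c."""
    return (u + v) / (1.0 + u * v / (c * c))


def lorentz_gamma(v: float, c: float = C) -> float:
    """gamma = 1 / sqrt(1 - v^2/c^2); the factor by which m_rel exceeds m_rest."""
    return 1.0 / math.sqrt(1.0 - (v / c) ** 2)


def energy_momentum(m_rest: float, v: float, c: float = C):
    """Return (E, p) for a massive particle: m_rel = gamma*m_rest,
    E = m_rel*c^2 (the 'E = mc^2' of the thread) and p = m_rel*v."""
    m_rel = lorentz_gamma(v, c) * m_rest
    return m_rel * c * c, m_rel * v


def invariant_mass(E: float, p: float, c: float = C) -> float:
    """Invert E^2 = p^2 c^2 + m_rest^2 c^4 to recover the rest mass.
    The same value comes out whatever the speed: it is frame-invariant."""
    return math.sqrt(max(E * E - (p * c) ** 2, 0.0)) / (c * c)


def photon_momentum(E: float, c: float = C) -> float:
    """With m_rest = 0 the relation reduces to E = p*c, so p = E/c."""
    return E / c


if __name__ == "__main__":
    print(f"c + c            -> {add_velocities(C, C) / C:.6f} c")
    print(f"0.5c + 0.5c      -> {add_velocities(0.5 * C, 0.5 * C) / C:.6f} c")
    m_e = 9.109e-31  # sample electron rest mass in kg (constructed input)
    E, p = energy_momentum(m_e, 0.6 * C)
    print(f"electron at 0.6c: gamma={lorentz_gamma(0.6 * C):.3f}, "
          f"recovered m_rest={invariant_mass(E, p):.4e} kg")
    E_ph = 1e-19  # sample photon energy in joules (constructed input)
    print(f"photon E={E_ph:.1e} J: p={photon_momentum(E_ph):.3e} kg m/s, "
          f"m_rest={invariant_mass(E_ph, photon_momentum(E_ph)):.1e} kg")
```

The `invariant_mass` check is the useful part: feed it E and p for a massive particle at any speed and it returns the rest mass, feed it E = pc for a photon and it returns zero, which is exactly the "zero rest mass but non-zero relativistic mass and momentum" point made in the reply.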


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on August 12, 2020, 06:47:33 AM
I'm thrilled. You have such a deep understanding of quantum mechanics, and you can explain these complicated things so clearly, that I cannot understand what you are doing on this forum. According to my observations, topics related to quick practical results for readers are very popular here.

Let's get back to our topic.
Physicists have long wanted to bury the old particle theory of the structure of the universe. The modern trend in science is that a particle is a particular state of the wave nature of matter. Simply put, it's a standing electromagnetic wave.
The theory of particles - this is the so-called Standard Model of the universe, to date, in a layer of the most elementary particles, found 6 quarks, 6 leptons, gluon, photon, z-boson and w-boson.
And this could be the end of this model.

But recently (it seems, on the large collider in Switzerland) the main discovery of modernity was found - the "God particle": the Higgs boson, a particle whose presence in matter determines its rest mass. So it's a gateway to the world of particles. A world in which one can exist without having to move at the speed of light?

If a photon has no rest mass, it means it has no Higgs boson, as I understand it. It turns out that it (the photon) is doomed to move only at the speed of light and no slower (!), precisely because it would then have grounds to participate in the gravitational interaction.
This participation is the main law of our world, isn't it?
So gravity is not a property of our world, but our world itself. The property of gravity is our macro and micro world, not the other way around.
The idea is that its (the photon's) gravitational interaction with the surrounding world is not a consequence of its movement at the speed of light, as science holds it proven, but exactly the opposite. Because it is deprived of the Higgs boson, it (poor thing) is forced to fly at only such a speed. Otherwise it will have no mass of movement (momentum). Hence the conclusion: everything in our world that cannot participate in the gravitational interaction with its objects does not exist for our world.
As a result of this reasoning, there is a question.
And are there real mass-free particles, which exist without the obligation to move at only the speed of light in a vacuum?
If such particles are known, I am completely wrong.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on August 12, 2020, 10:20:29 AM
I'm thrilled. You have such a deep understanding of quantum mechanics, and you can explain these complicated things so clearly
Thanks :) I'm trying my best, but whilst I do have some background in theoretical physics, I am not an expert. Please don't assume I am getting everything correct!

the Higgs boson, a particle whose presence in matter determines its rest mass. So it's a gateway to the world of particles. A world in which one can exist without having to move at the speed of light?
The Higgs boson is the manifestation of an excitation of the Higgs field. The Higgs field, as with other fields, permeates spacetime, is everywhere in spacetime, and may be thought of as a property of spacetime. So all particles in spacetime interact with this Higgs field to a greater or lesser degree. The extent of the interaction determines a particle's 'mass'. We are talking about rest mass at the moment, because we are talking about elementary particle physics and ignoring relativity. Technically, as far as I understand it, the Higgs boson manifests at the moment that electroweak symmetry is broken, where the W and Z bosons are created.
I don't think any of this has any impact on the speed of light; we are not talking about the Higgs boson travelling around and imparting mass, it is just a manifestation of an underlying field that is everywhere all the time.

If a photon has no rest mass, it means it has no Higgs boson, as I understand it. It turns out that it (the photon) is doomed to move only at the speed of light and no slower (!), precisely because it would then have grounds to participate in the gravitational interaction.
Yes, photons do not interact with the Higgs field.

So gravity is not a property of our world, but our world itself. The property of gravity is our macro and micro world, not the other way around.
I would say that gravity is an underlying field, which is a property of spacetime. Relativity expresses this as spacetime curvature. When we talk about light from a distant star 'bending around' a nearby star due to gravity, this could be misleading. It is better understood as light travelling in a straight line across a curved space; it is the star's gravity well that creates the curvature.

https://astronomy.com/-/media/Images/Magazine%20Articles/2019/October/sunandearth.png?mw=600

A good analogy is the flight path below. The shortest distance between Madrid and New York is the upper line, not the lower one. The upper line represents travelling in a straight line around the curved surface of the Earth.
https://gisgeography.com/wp-content/uploads/2016/11/RhumbLine-GreatCircle-2-678x421.png

everything in our world that cannot participate in the gravitational interaction with its objects does not exist for our world.
As a result of this reasoning, there is a question.
And are there real mass-free particles, which exist without the obligation to move at only the speed of light in a vacuum?
If such particles are known, I am completely wrong.
The known massless particles are photons and gluons. Photons travel at the speed of light. Gluons, I suppose, technically, travel at the speed of light. However we come back to what a particle 'is'. Gluons are virtual particles bound within nucleons, and when expressed in quantum chromodynamics we talk rather of the gluon field. Beyond this, there is the possibility that gravitons exist as mediators of the gravitational field. Again, it becomes complex, because we don't yet have a proper theory of quantum gravity.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on August 12, 2020, 01:21:23 PM
Please clarify one thing. In the previous picture, you can see that the beam from the star, passing near the star (the Sun probably), is repelled. Is that so?
I've always thought that large gravitating objects attract a flow of photons to them; that's how gravity works in our everyday experience. That is why an electromagnetic wave (a flow of photons) cannot break out of the black hole's event horizon.
I think the essence of the curvature of space by gravity is wrongly depicted in the picture.

And I want to note that the substitution of words:
1. two objects having mass are attracted to each other, or
2. the space around the massive object is curved and therefore the straight beam of light is also curved,
is identical, and does not explain the essence of the phenomenon of gravity. It's just a way of saying things differently, no more.

If in electromagnetic interaction there is a rule of attraction of differently charged particles and a rule of repulsion of equally charged particles, we intuitively want to apply the discovered effect to gravity. It's not only that objects absolutely identical to the atom can be attracted, but also that a different physical essence of the physical quantity "object mass" and of the gravitational attraction between objects is present! Mass is not identical to gravity, but these two phenomena always go hand in hand. Plus there is no possibility to make a gravitational insulator, whereas in electromagnetism it is possible.

And what's more interesting is that gravity reigns in the macro world.
In the microcosm, electromagnetism is at the level of the atom. There's nothing worth gravity. The whole substance surrounding us is of electromagnetic nature, plus virtual (I called them so here, this is my opinion) forces of weak and strong interaction, which are also a way to discuss the observed, not tools to understand it or notions that explain anything. The scientist sees that the atomic nucleus is held by something, so there is a force. Whatever you want to call it, it's what you want to call it. We transfer Newton's macrocosm laws to the microcosm. Force, acceleration, and speed itself are not very convenient concepts for the microcosm, where all objects are blurred in space and in essence are not defined by coordinates, and there is no possibility to simultaneously measure both their coordinate and their physical parameters. Either one or the other. How can we account for the observed effect of holding the components of the atomic nucleus together, the effect of strong or weak interaction? And add the term "force" to that. This is not the case where there is an object to which one can apply force and get acceleration. It's a microcosm. Everything there is dual (having two or more meanings, nothing is unambiguous) and uncertain. The most important thing is that everything is discrete: space (distance) itself, energy (Planck's constant), mass (a multiple of God's Higgs boson), spin, electric charge, and I suspect time. Well, whatever you take has no smooth nature. There are stairs everywhere!!!

That's why I didn't study the physics of the microcosm: I didn't agree with the approach that science takes from the beginning. It seems to me that the microcosm is much subtler and more intellectual than the laws of our macrocosm and its view of nature. That's right, philosophy...


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on August 12, 2020, 05:43:54 PM
Please clarify one thing. In the previous picture, you can see that the beam from the star, passing near the star (the Sun probably), is repelled. Is that so?
I've always thought that large gravitating objects attract a flow of photons to them; that's how gravity works in our everyday experience. That is why an electromagnetic wave (a flow of photons) cannot break out of the black hole's event horizon.
I think the essence of the curvature of space by gravity is wrongly depicted in the picture.
No, the star doesn't repulse the light. Gravity is always attractive, never repulsive. The light travels in a straight line in spacetime, it's just that spacetime is curved around objects that have mass. A common way to visualise this is to place heavy objects on a rubber sheet. This is probably a better picture. If you imagine someone rolling a small ball from one side of the sheet to the other, the ball's path will curve as it passes close to the heavy object in the centre of the sheet. The ball itself travels in a straight line, it's just that the thing it's travelling on is curved.
https://i.pinimg.com/originals/6e/20/ec/6e20ecc24000edce3c1ebe4e6d10237e.jpg

If in electromagnetic interaction there is a rule of attraction of differently charged particles and a rule of repulsion of equally charged particles, we intuitively want to apply the discovered effect to gravity.
But gravity is a different field, with different properties. Gravity is always attractive, never repulsive.

large gravity objects attract a flow of photons to them, that's how gravity works in our everyday experience. That is why an electromagnetic wave (a flow of photons) cannot break out of the horizon of the black hole events.
If you look at that sheet above, the effect of a black hole is to produce such extreme curvature that eventually, in the centre, it drops vertically. Nothing can escape. Everything, photons included, has to follow the curves of spacetime, the only difference with a photon is that because it is massless, it doesn't create its own small curvature. A photon in the above image might be an effectively weightless ping pong ball - but it still has to follow the contours of the sheet. When it passes through the event horizon of a black hole, it still falls in. And we have to remember also that we are talking about spacetime rather than space and time as separate things. Gravity doesn't just cause curvature of space, it also slows down time, which is why for a distant observer, something that falls towards the event horizon never actually seems to go through it and disappear, because the spacetime curvature is so great.

Actually, better than that screengrab, have a look at this video (https://www.youtube.com/watch?v=MTY1Kje0yLg). The balls that are thrown at around 2:45 all travel in a straight line - across a curved surface. This is how gravity works.

Think also of the moon orbiting the Earth. What is happening is that the moon is actually falling towards the Earth (in a straight line), it's just that its speed is sufficient to keep it moving forever around the lip of the gravity well.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on August 13, 2020, 06:36:10 AM
Yes, I agree, the video is understandable; the idea of the curvature of our space-time is as old as the world. I don't understand why, passing near a massive object, a ray of light has exactly such curvature as in the picture - deviating from the mass. By the way, it completely contradicts the behavior of objects in the video you provide.
About the mass.
Curvature is good, but it's only a way to talk about it.
I cannot but confirm that these questions are better known to the creator of our world, if he himself has not forgotten what he did.
But the photon beam itself - it has a mass, completely independent of the so-called curvature of space-time. That is why the heated gas in a closed measuring system has its own weight, which increases with increasing temperature. Because as the temperature increases, there is an increase in the flow of photons of infrared radiation in the closed system. A closed system is one in which the photons do not fly out, but are reflected and remain inside (a thermos). A temperature rise is an increase in the flow of photons, an increase in their number. That is why the mass of such a system, when heated, will increase.
I think a photon has a mass of motion...
The fact that time and space are one continuum is only a hypothesis.  That hypothesis has a lot of evidence. But the opposite hypothesis that time and space may sometimes be not in phase, not in such a single and indivisible continuum as we think, also has no evidence to disprove it.
An electromagnetic wave is also a continuum of electric and magnetic fields. But, in the absence of oscillations, an electric field can successfully exist without a magnetic one.  And there is no continuum! It's broken.
This indirectly confirms that the continuum also has its own time-space (a more correct definition than space-time, in my humble opinion) oscillations which we do not notice while we are inside this medium. Probably, this continuum can be as broken as any other. Nature is infinite and does not like the limitations of its manifestation.
An example in support of this view.
The theory of black hole existence. A place where gravity is enormous. Time increases (let us define that when time slows down in relation to our reference system, it means that time as a parameter of the length of events increases (!!!), and not vice versa, it is very important not to confuse and not to give in to the opinion of one's "common sense", science has often proved that it is "common sense" that is false), and space in these conditions decreases.
Let's check it out.
The rate at which any object falls under these conditions relative to us seems to be decreasing. The object is slowing down. That's because there's more time than we have. Let's see: velocity V is distance / time. That's right, only in this concept of time and space evaluation, speed V by its formula tends to zero relative to our reference system. The object will never fall to the surface of a black hole; it will seem to us that it has stopped. Yes, I know a black hole doesn't have a surface; that's just a way of talking.
On the other hand, if we fell to the center of the black hole and were alive, we would see our universe moving faster and faster and all the stars flying apart at increasing speed, our solar system dying, new ones forming... Here's the continuum, clap and it's gone.

It turns out that the places where there is no gravity are places where time flows as slowly as possible and space is enormous. That's why there's a constant of maximum speed in this environment - the speed of light in a vacuum, but now you have to add it immediately:
1) in the place with the least gravity;
2) and immediately add - for our reference system, which is also in the place with the smallest gravity.
Here is what is not in the formula for the speed of light - no relativity itself.
If we were in a place with strong gravity (in a black hole), the speed of the same light - would be for us completely different, larger, huge, any.

Old Einstein was right to say that speed is relative. He was right to say that no other object in our world can move faster than the speed of light. But he didn't agree that this is under the condition that the gravitational field in the place where light moves and where we observe and measure it from. 
After all, speed is the ratio of two components of the continuum time/space: and space (distance) / time (length of event) - both there, in the formula for speed. And both of these parameters are not constant in nature.

And there are suspicions that gravity not only curves space-time, to be more precise, in my terms, violates the conditions of their inviolable continuum, but is also a clear characteristic of our world and, therefore, when it changes - a passage to other worlds.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on August 17, 2020, 08:02:37 PM
Yes, I don't believe that quantum computing is dangerous right now. However, progress does not stand still if Bitcoin is now a powerful source of power for many social networks. Since it allows you to transfer amounts anywhere, and at the same time allows you to control your money, ensuring you complete safety. But this does not mean that in 20-30 years it will be as safe. What we could not even imagine could happen. Even now, more and more powerful advanced models are being created, which (maybe) will be further refined and evolved in the future. So in the future, there is a risk that bitcoin will not be so secure. ??? ??? ::)
-----------------
Bitcoin will always be safe because it's based on good cryptography. In other words, cryptography, as a science and as a practice, is already 100 years ahead of technical progress. But these achievements have not yet been used. There's no need to. As soon as there is a need, these new cryptographic systems will be introduced immediately into bitcoin. The danger of bitcoin is completely different - it's not anonymous at all. If desired, all bitcoin owners can be identified. And only you will be identified, making a targeted attack will not be a problem.  A trained attacker will no doubt steal your keys. He'll take your bitcoins without hacking into the cryptography. You don't have to think about the security of your cryptography, no fools to break it, but about your anonymity on the network. Here's the big problem. And I don't know how to solve them. VPN or Tor don't solve them. Only an anonymous operating system...


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: BitcoinFX on August 18, 2020, 10:23:44 AM
Interesting thread!  :)

Cross-posting from ...

How hard would it be to brute force an address. (Numerically)
- https://bitcointalk.org/index.php?topic=5267859.0

In my opinion, sooner or later computers will be so efficient that they will perform these calculations so quickly that the whole process will take no more than 30 minutes, instead of an infinite number of years, as indicated in the author's post.
Maybe, I am somehow confident that quantum computers can do that. However, I don't think hackers could afford to have one just for brute forcing wallet addresses ;D. Now I know why they use other efficient means of hacking and set this as their last resort lol.
Quantum computers with connection on Bitcoin started to pop again, I also heard before about these quantum computers will make Bitcoin disappear or cryptocurrency itself. I still don't believe it, it's kinda a myth, lol.
For sure, if people will let this happen, I don't think cryptocurrency will only be in danger here.

Quantum computers are not a myth. Lots of companies already exist in the field of quantum simulation, both software and hardware development.

- https://www.rigetti.com/
- https://www.zapatacomputing.com/
- https://strangeworks.com/
- https://www.riverlane.com
- https://qcware.com/
- https://otilumionics.com/quantum-computing/
- http://horizonquantum.com/
- https://quantumsimulations.de/
- https://entropicalabs.com/
- https://1qbit.com/
- https://www.dwavesys.com/

...

Post-quantum cryptography: Bitcoin can move with the times when necessary; both the signing algorithm and the hashing algorithm can be upgraded to be quantum-proof, quantum-safe, quantum-resistant and quantum-enabled.

Post-quantum cryptography
- https://en.wikipedia.org/wiki/Post-quantum_cryptography

Bitcoin Q&A: Migrating to post-quantum cryptography
- https://youtu.be/dkXKpMku5QY

Bitcoin Q&A: Is Quantum Computing a Threat?
- https://youtu.be/wlzJyp3Qm7s

Christian Schaffner: Quantum Cryptography
- https://youtu.be/Lh8OGDNJZQk?t=1238

...

Quantum supremacy
- https://en.wikipedia.org/wiki/Quantum_supremacy

Bitcoin Q&A: "Quantum Supremacy"
- https://youtu.be/eo7mwcsUbdo

...

Quantum simulation, problem solving and mathematical discovery utilizing blockchain / timechain technology, now there's a thought.

8)


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on August 19, 2020, 11:52:25 AM
I think that anonymity of a bitcoin owner and guessing or calculating a bitcoin address are different things.
No matter what bitcoin address, I'm far from the idea that a self-respecting hacker will pick up the code to get the hash sum. If I wanted to calculate the owner of a bitcoin, I would have done it through calculating the client's IP. If I knew one or the required set of bitcoin owner IP addresses, I would attack the owner with special software, I don't want to advertise bad things, so I don't name which one.
Hi.
Such turnkey software has already appeared a lot, starting from buying components just on the network and ending with the purchase of ready-made complex solutions, which even a child can use. Probably after 24 hours, I would see which keys of the keyboard (both physical and on-screen) my target presses, and even where he moves the mouse on the screen. I think, but I don't know, the whole financial part of the attack would cost me $1,500. If the target is of financial interest to the hacker, then it is a matter of technique and ingenuity, not quantum computers and code brute force attacks.
Hackers are thinking people, unlike many network users. If only there was a point...


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on August 20, 2020, 10:25:37 AM
Cross-posting from ...

How hard would it be to brute force an address. (Numerically)
- https://bitcointalk.org/index.php?topic=5267859.0

Thanks for that. I've made a quick post on that thread now, briefly summarising how much more effective a QC is at breaking bitcoin's cryptography, and outlining why QCs have such vast potential. Hopefully this is of some use to the discussion!


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on December 26, 2020, 07:15:14 AM
I don't know how dangerous a quantum computer is, but I know how dangerous, even now, artificial intelligence, a system that supports password guessing!
Cybercriminals use artificial intelligence and neural networks to improve user password guessing algorithms. More traditional approaches, such as HashCat and John the Ripper, already exist and compare different variants of the password hash to successfully identify the password that matches the hash. However, using neural networks and Generative Adversarial Networks (GAN), cybercriminals will be able to analyze vast sets of password data and generate password variations that match a statistical distribution. In the future, this will lead to more accurate and targeted guessing of passwords and a higher chance of profit.

In a February 2020 clandestine forum post, we found a GitHub repository that has a password analysis tool with the ability to parse 1.4 billion accounts and generate password variation rules.
In addition, we also saw a post listing a collection of open-source hacking tools that have been cracked. Among these tools is AI-based software that can analyze a large set of password data from data leaks. This software ensures that it extends its ability to guess passwords by teaching GAN how people tend to change and update passwords.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on December 26, 2020, 04:23:26 PM
OP's "don't believe" is pure speculation at the moment. We know nothing about the potentials of future technologies. If quantum computing becomes powerful enough to break the current ECDSA scheme and other algos involved, then quantum resistant cryptography will take its place. The biggest problem for scientists in the 17th century was how to clean the Earth from a layer of manure that (as they believed) would cover it in 100 years. That problem disappeared after the horses (the main means of locomotion at that time) were replaced by steam and internal combustion engines.
I think that post-quantum cryptography will take its place before quantum computers appear or not. The problem with elliptic curve cryptography is not that it can be broken, but that it is impossible to check the reliability of the elliptic curves we are forced to use. There is a lot of information on this subject from specialized sources, the main outcome of which is the fact that some elliptic curves proved to be unreliable, even though they were recommended by very influential, world-renowned organizations.
In addition, the existing cryptography on elliptic curves is based on an unproven statement, on an assumption, on a hypothesis.
Another problem is that hackers do not break cryptography, but steal keys, cracking key infrastructure.
No one is paying attention to this. As long as it doesn't affect anyone personally.
And here quantum cryptography on the one hand solves all the problems of elliptic curve cryptography, but on the other hand does not solve the problem of key infrastructure compromise at all.
The solution of the future is keyless encryption technology. Such technologies, as far as I know, are already being developed.
Today, the main danger for hacking comes from artificial intelligence. And it is no longer theory, it is practice. There are already break-ins based on this technology. Keys and passwords are being compromised again. It was reported this month that more than one billion accounts could be hacked using artificial intelligence. Why? Because there's something to steal...


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: ranochigo on December 26, 2020, 04:36:01 PM
Today, the main danger for hacking comes from artificial intelligence. And it is no longer theory, it is practice. There are already break-ins based on this technology. Keys and passwords are being compromised again. It was reported this month that more than one billion accounts could be hacked using artificial intelligence. Why? Because there's something to steal...
How do you think AI would affect ECDSA or, more specifically, public key cryptography? AI (or rather machine learning) does analysis based on certain trends, and using password/dictionary attacks usually results in the algorithm being fed with big data and finding associations and possible passwords based on the targets. If you want to brute force using this method, you could find success with a leaked database but most likely not with sites that are designed to deter such attempts.

Now, back to the topic. Public key cryptography uses randomness generated from sources to generate the private key. Since the generation methods involve a large amount of entropy, if given a public key, how would you use AI to tackle the algorithm and solve for the appropriate private key?
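ranochigo's question above (given a public key, how would you solve for the private key?) and the later exchange about the hardness of the elliptic-curve discrete logarithm are easiest to see on a toy curve. The following is an added example, not code from this thread or from any Bitcoin library: it builds a tiny curve over a constructed 14-bit prime (P = 10007, A = 0, B = 7 are made-up parameters that merely imitate secp256k1's shape), generates a key pair the way ECC does (random scalar, then public point), recovers the scalar with the generic baby-step giant-step method, and computes the square-root cost that makes the same generic search hopeless at 256 bits.

```python
"""Added toy example: how recovering an ECC private key from its public key
works classically, and why the cost rules it out at real key sizes.
Constructed parameters; not code from the thread or from any real library."""
import math
import secrets

# Toy curve y^2 = x^3 + A*x + B over F_P, shaped like secp256k1 (A=0, B=7)
# but with a 14-bit constructed prime. Teaching aid only, secure for nothing.
P, A, B = 10007, 0, 7
INF = None  # point at infinity (group identity)

def on_curve(pt):
    """True if pt is INF or satisfies the curve equation."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0

def add(p1, p2):
    """Affine group law (textbook chord-and-tangent formulas)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF  # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def scalar_mul(k, pt):
    """Double-and-add: k*pt, the easy direction of ECC."""
    result, addend = INF, pt
    while k > 0:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result

def point_order(pt):
    """Smallest n > 0 with n*pt == INF (brute force is fine for a toy group)."""
    n, cur = 1, pt
    while cur is not INF:
        cur, n = add(cur, pt), n + 1
    return n

def find_generator(min_order=1000):
    """Scan x-coordinates for a curve point whose order is not tiny."""
    for x in range(P):
        rhs = (x * x * x + A * x + B) % P
        y = pow(rhs, (P + 1) // 4, P)  # square root; valid since P % 4 == 3
        if y * y % P == rhs:
            n = point_order((x, y))
            if n >= min_order:
                return (x, y), n
    raise ValueError("no suitable generator found")

G, ORDER = find_generator()

def keygen():
    """Private key = random scalar in [1, ORDER); public key = priv * G."""
    priv = secrets.randbelow(ORDER - 1) + 1
    return priv, scalar_mul(priv, G)

def recover_private_key(pub, gen=G, order=ORDER):
    """Baby-step giant-step: find k with k*gen == pub in ~2*sqrt(order) group
    operations and sqrt(order) table entries. Returns None if pub is not in <gen>."""
    m = math.isqrt(order) + 1
    baby, cur = {}, INF
    for j in range(m):  # baby steps: store j*gen for j in [0, m)
        baby.setdefault(cur, j)
        cur = add(cur, gen)
    step = scalar_mul(m, gen)
    giant = (step[0], (-step[1]) % P)  # -m*gen (m < order, so step != INF)
    gamma = pub
    for i in range(m):  # giant steps: pub - i*m*gen
        if gamma in baby:
            return (i * m + baby[gamma]) % order
        gamma = add(gamma, giant)
    return None

def generic_attack_work(group_bits):
    """Square-root attacks (BSGS, Pollard rho) need about 2**(bits/2) ops."""
    return 2 ** (group_bits // 2)

if __name__ == "__main__":
    priv, pub = keygen()
    print(f"toy order {ORDER}: key {priv}, recovered {recover_private_key(pub)}")
    print(f"256-bit curve: ~2^{generic_attack_work(256).bit_length() - 1} ops")
```

The table-and-walk search finishes instantly on a 14-bit group; on a 256-bit group the same method needs about 2^128 steps, which is why the discussion turns on Shor's algorithm rather than on faster classical or statistical searching.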


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on December 27, 2020, 02:00:44 PM
Today, the main danger for hacking comes from artificial intelligence. And it is no longer theory, it is practice. There are already break-ins based on this technology. Keys and passwords are being compromised again. It was reported this month that more than one billion accounts could be hacked using artificial intelligence. Why? Because there's something to steal...
How do you think AI would affect ECDSA or, more specifically, public key cryptography? AI (or rather machine learning) does analysis based on certain trends, and using password/dictionary attacks usually results in the algorithm being fed with big data and finding associations and possible passwords based on the targets. If you want to brute force using this method, you could find success with a leaked database but most likely not with sites that are designed to deter such attempts.

Now, back to the topic. Public key cryptography uses randomness generated from sources to generate the private key. Since the generation methods involve a large amount of entropy, if given a public key, how would you use AI to tackle the algorithm and solve for the appropriate private key?
--------------------------
I do not see the use of artificial intelligence technology to solve the problem of breaking cryptography on elliptic curves. The point is that this problem, so far, belongs to the class of NP-hard problems. Any program, and artificial intelligence is a program with feedback on itself, doesn't like to solve such problems. The program needs an algorithm. And NP-hard problems do not have a known algorithm to solve them in polynomial time.
It seems that there is not.
However, there are very big doubts about it.
No, it is not that this problem has solution algorithms that are hidden from us, but that initially, elliptic curves in finite number fields - have hidden loopholes, weak, but this is known only to the initiated. Here, read this analysis and draw your own conclusions.
Analytica, in abbreviated form, on this topic:
-----------------------   

I do not want to escalate the fear of those present here, but you need to know this if you study the issue of security - for real.

This material reasonably answers 2 important questions:

1. Is cryptography on elliptic curves so safe as we think?

2. Are quantum computations really dangerous for modern public key cryptosystems?

In higher circles, in official organizations whose activities are directly related to cryptography, there has been lively activity since 2015.
Why everything so suddenly heated up, no one explains to us.
They probably know more than they say. Yes, and they hide the ends ...

The competent organizations involved in setting universal technical standards are very noticeably concerned about the problems of the so-called quantum-safe cryptography. Here are the facts that you should pay attention to, even to us, non-specialists in the field of cryptography.

The next international symposium entitled “ETSI / IQC Workshop on Quantum Secure Cryptography” (https://www.etsi.org/events/1072-ws-on-quantumsafe) was held on September 19-21, 2016 in Toronto, Canada. To emphasize the significance of this event, it should be clarified that ETSI is the European Telecommunications Standards Institute (that is, the industry equivalent of the American NIST, the main standardization body in the United States). And IQC, respectively, is the Institute for Quantum Computing at the University of Waterloo, that is, one of the world's leading research centers that have been dealing with cryptography problems in the context of quantum computers for more than a dozen years.

With such solid organizers of the event, not only leading scientists of academic structures and industry, but also important people from the leadership of transnational corporations and government departments of Europe, North America, Japan, China and South Korea were noted among the participants of the symposium.

And besides, there are also big chiefs of special services involved in the protection of information in states such as Britain, Canada and Germany.

And all these very busy people gathered in Toronto, back in 2016, to discuss how to strengthen cryptography to withstand technologies that, even according to the most optimistic estimates, will become a real threat in twenty years, at least.

If we take into account the fact that, almost simultaneously, in August 2016, NIST (USA) officially announced the launch of its own large-scale program for the transition from traditional cryptography to “post-quantum” cryptography, then the conclusion will be quite obvious.

In the world of cryptography, big changes have already clearly begun. And they started up somehow very hastily and even with some signs of panic. Which, of course, raises questions. And that's why.

In the United States, the first official signal that there was an urgent need to do something about the modernization of traditional cryptography came in August 2015. It was then that the National Security Agency, as the main authority of the state in the field of ciphers, issued a statement on significant changes in its basic policy, in connection with the need to develop new standards for post-quantum cryptography, or, briefly, PQC (National Security Agency, Cryptography Today, August 2015).
The parties involved in this process, and the NSA itself, stated that it considers the present moment (this is still 2015-2016) the most suitable time to come to grips with the development of new protocols for public-key cryptography. Such cryptography, where the strength of the cipher will not depend on calculations using quantum computers.

Naturally, the idea comes that someone somewhere, secretly from the rest, still built a real quantum computer, back in those days. And since the most visible and decisive initiative for the early transition to a new, quantum-safe cryptography was demonstrated by the NSA, it is easy to guess which state comes to mind in the first place. Having not only the largest budget for such initiatives, but also all the necessary scientific and technical capabilities. The NSA, an organization highly classified and secretly able to use the most powerful supercomputers on the planet.

In the open community of cryptographers, puzzled by the haste of the new initiatives, there are naturally a lot of other various speculations to explain what is happening. The most informative, perhaps, is a review work summarizing and comparing all such hypotheses and assumptions without a final answer: the well-known article “Puzzle wrapped in a riddle”, prepared by the very famous cryptographers Neal Koblitz and Alfred Menezes at the end of 2015 (Neal Koblitz and Alfred J. Menezes, “A Riddle Wrapped in an Enigma”).
In order to make it clearer why it makes sense to focus on the facts precisely from this analytical work, two points should be briefly clarified.
First: what place do its authors occupy in open academic cryptography.
Second: how closely their own scientific developments are intertwined with the NSA's initiatives to accelerate the transfer of used cryptographic algorithms to other tracks.

The American mathematician and cryptographer Neal Koblitz is (along with Victor Miller) one of the two people who in 1985 simultaneously and independently came up with a new public key crypto scheme, called ECC (this is, we recall, an abbreviation for Elliptic Curve Cryptography, that is, "cryptography on elliptic curves").

Without going deep into the technical details of this method and its difference from the RSA cryptographic scheme that appeared earlier, we note that ECC has obvious advantages from the point of view of practical operation, since the same theoretical stability of the algorithm is provided with a much shorter key length (for comparison: 256-bit ECC operations are equivalent to working with a 3072-bit module in RSA). And this greatly simplifies the calculations and significantly improves the system performance.
The second important point (almost certainly related to the first) is that the extremely secretive NSA in its cryptographic preferences from the very beginning began to lean in favor of ECC. (!)

In the early years and decades, this reached the academic and industrial circles only in an implicit form (when, for example, in 1997, an official of the NSA, Jerry Solinas, first spoke at the Crypto public conference - with a report on their modification of the famous Koblitz scheme).

Well then, it was already documented. In 2005, the NSA published its recommendations on cryptographic algorithms in the form of the so-called Suite B (“Set B”) - a set of openly published ciphers for hiding secret and top-secret information in national communication systems.

All the basic components of this document were built on the basis of ECC, and RSA was assigned the auxiliary role of the “first generation” (!), necessary only for a smooth transition to a new, more efficient cryptography on elliptic curves ... (!)
Now we need to remember about Alfred Menezes, the second co-author of the article about "Puzzle, shrouded in a riddle." Canadian mathematician and cryptographer Menezes has been working at the University of Waterloo, one of the most famous centers of open academic cryptography, all his scientific life since the mid-1980s. It was here that in the 1980s, three university professors created Certicom, a company dedicated to the development and commercial promotion of cryptography on elliptic curves.

Accordingly, Alfred Menezes eventually became not only a prominent Certicom developer and author of several authoritative books on ECC crypto schemes, but also a co-author of several important patents describing ECC. Well, the NSA, in turn, when it launched its entire project called Suite B, previously purchased from Certicom a large (twenty-odd) package of patents covering “elliptical” cryptography.

This whole preamble was needed in order to explain why Koblitz and Menezes are precisely those people who, for natural reasons, considered themselves knowledgeable about the current affairs and plans of the NSA in the field of cryptographic information protection.
However, for them, the NSA initiative with a sharp change of course to post-quantum algorithms was a complete surprise. (!)
Back in the summer of 2015 (!) the NSA “quietly”, without explaining to anyone at all, removed the “P-256” ECC algorithm from its kit, while leaving its RSA equivalent with a 3072-bit modulus. Moreover, in the NSA's accompanying statements it was quite clearly said that for all parties implementing the algorithms from Suite B it now no longer makes any sense to switch to ECC; it is better to simply increase the RSA key lengths and wait until new post-quantum ciphers appear ...
But why? What is the reason for such a sharp rollback to the old RSA system? I do not think that such a serious organization will make such serious decisions, for no reason.
Koblitz and Menezes have every reason to consider themselves people competent in the field of cryptography on elliptic curves, but they did not hear absolutely anything about new hacking methods that compromised “their” crypto scheme. So everything that happens around ECC amazed mathematicians extremely.
People who have close contacts with this industry know that large corporations that provide cryptographic tasks and equipment for the US government always get some kind of advance warning about changing plans. But in this case there was nothing of the kind.
Even more unexpected was the fact that no one from the NSA addressed the people from NIST (USA), who are responsible for the open cryptographic standards of the state.

And finally, even the NSA’s own cryptographic mathematicians from the Information Security Administration (IAD) were extremely surprised by the surprise that the leadership presented them with their post-quantum initiative ...

It can be concluded that those very influential people who in the bowels of the NSA initiated a public change of course did this without any feedback and consultation, even with their own experts. It is to this conclusion that Koblitz and Menezes come in their analyzes. And they readily admit that in the end no one really understands the technical background of everything that happens here.
The conclusion suggests itself that there was some unknown activity, some hidden actors.

For an adequate perception of the intrigue, it is very desirable to know that in fact the principles of public key cryptography were discovered almost simultaneously (in the 1970s) in two fundamentally different places at once. At first, a few years earlier, this was done by three secret cryptographers within the walls of the British secret service GCHQ, an analogue and the closest partner of the American NSA. But as has long been customary there, everything was done in deep secrecy and "only for yourself."

The discovery was not made by GCHQ full-time employees, but by the mathematicians of the CESG unit, responsible for national ciphers and the protection of government communications systems in the UK. And the close interaction between the GCHQ and the NSA of the USA takes place primarily along the lines of joint intelligence activities. In other words, since the NSA also has its own IAD (Information Assurance Directorate) department, specializing in the development of cryptographic algorithms and information protection, the discovery of British colleagues was a complete surprise for the mathematicians of this unit. And for the first time they learned about it from their fellow spies who closely interact with the British ...

And when the same algorithms, in fact, based on factorization and discrete logarithms, were soon invented in the USA by open community researchers (Diffie, Hellman, Merkle, Rivest, Shamir, Adleman) independently of the special services, the NSA made a huge effort to cram this genie back into the bottle.

Without revealing that the special service already has this math, the NSA chiefs simply tried in every possible way to prevent scientists from publishing this information widely. National security advocates have been pushing that strong cryptography is too serious a weapon, and their new public key encryption algorithms allow anyone, even people and parties who have never met each other, to be hidden from control.

As everyone knows, the NSA's attempt to ban knowledge and gag scientists did not work at all. As a result, the open scientific community was very angry with the NSA. And besides, under the pressure of scientists and industry, it was not the spy intelligence service but the civilian structure, NIST, USA, that began to lead the development and implementation of commercial cryptography in the country.

And although this story is very old, it is quite clearly repeated. Unless, of course, watch carefully.

The ETSI / IQC International Symposium on Quantum Secure Cryptography (in 2016), from which this story began, has several notable features.
Firstly, it was very solidly represented by the heads of important structures, the special services of Great Britain, Canada and Germany. All these national special services are analogues of the American NSA. However, no one from the NSA was mentioned explicitly. And this, of course, is no accident.

There is plenty of evidence, both from business leaders and directly from the heads of intelligence agencies, that after the revelations of Edward Snowden almost the entire US IT industry (not to mention other countries) reacts extremely negatively to NSA activities. In other words, at international forums discussing ways to strengthen cryptography in the light of new threats, it is now prudent for the NSA simply not to show its face.

Another notable feature of what is happening is that this “workshop” in Toronto is not the first, but the fourth in a row. The first was in 2013 in Paris, and the second - especially interesting for us - took place in the fall of 2014 in the capital of Canada, Ottawa.
This event is interesting because it featured a highly unusual talk on behalf of the British secret service GCHQ (P. Campbell, M. Groves, D. Shepherd, "Soliloquy: A Cautionary Tale"). This was a report from the CESG information security division, delivered personally by Michael Groves, who leads cryptographic research at this intelligence agency.

It must be emphasized here that it is completely uncharacteristic for people from the British special services to talk about their secret developments at open conferences. However, this case was truly exceptional.

In his report, Groves not only said that British cryptographers had been developing quantum-safe algorithms for a long time, since the beginning of the 2000s.

At the same time, it is important that the decision to abandon the design completely (rather than strengthen and modernize the old one) was made by the special services mainly because of a very powerful attack, which greatly impressed the British, developed back in 2013 (!) by a group of researchers from the open academic community. In the work of these authors, K. Eisentraeger, S. Hallgren, A. Kitaev and F. Song, "A quantum algorithm for computing the unit group of an arbitrary degree number field," STOC, ACM, 2014, an essentially new quantum attack of a very general type is described, covering, in particular, a wide range of "post-quantum" cryptographic schemes, including Soliloquy, which was unknown to anyone at that time ...

The effect of this “half-open” talk by a senior cryptographer of the British secret service turned out to be exactly as was obviously intended. The information security industry and academia readily accepted the CESG people as very knowledgeable consultants (who had clearly demonstrated not only their “leading” competence, but also their willingness to share even the experience of their failure). At the forum in Toronto, the two CESG bosses were even entrusted with chairing sessions and moderating discussions. (!)

A completely different effect also manifested itself immediately, one that usually accompanies any cooperation with the special services. This refers to excessive secrecy and attempts to suppress even research results that have already been published.

The story of the CESG chief cryptographer's talk at the open symposium was covered extremely sparingly in the media, and the article and presentation slides about Soliloquy can be found on the Web only by those who know very clearly what they are looking for (on the ETSI website, the only place these files are located, no direct links to them can be detected).

But the most unpleasant part is something else.

If anyone interested wants to get acquainted with the very article by the scientists of the open community which so greatly impressed the British intelligence service, it quickly becomes clear that it is not so easy to find. This article is absent not only from the scientific preprint site Arxiv.org, where, alongside physicists and mathematicians, both computer scientists and cryptographers have long published. It is also absent from the specialized site of purely cryptographic preprints Eprint.iacr.org, owned by the IACR, the International Association for Cryptologic Research. Moreover, each of the authors of the article we are interested in has many other publications on one or even both of these sites.

But the very work we need is not there. Strange, but true.
Worse, if you set off to search for the file on the researchers' personal web pages on university sites, an ambush awaits there too. The most famous of the co-authors, Alexei Kitaev, is known as a superstar on the horizon of quantum computing, has only a tangential relation to cryptography, and does not collect links to the files of his publications anywhere.

Another co-author, Sean Hallgren, really well known as a cryptographer, like many other researchers used to post links to his publications on his university web page. But it is precisely at the article we are interested in that this practice suddenly stopped. For all previous articles the files are available, but for the one we need there is only the title. For all subsequent publications of 2015-2016, not even a title. Although such works are found in the preprint archives ...

A truly complete list of everything that was, is and will even be done (with appropriate links to files) is found only on the site of the youngest of the co-authors, named Fang Song. But, significantly, not on his university web pages, but on his personal website FangSong.info. And even here strange losses are revealed. There is still a PDF file with one version of the article we are looking for; however, the links to roughly the same file under names like "full version" and "Arxiv.org" turn out to be broken, looping back to the main page. That is, the files were clearly put up by the author, but even here, as on the ArXiv site, they inexplicably disappeared ...
All “disappearances” of this kind (and there are quite a lot of similar cases) can seem mysterious only from a very naive and superficial view of things. Most often, the explanation of what is happening is already contained in the headers of the articles, where the authors (in accordance with rules long instituted by scientists) are obliged to indicate the sources of funding and the grants with whose money the studies were conducted.

Specifically, in our case, the sponsor of the uniquely outstanding article on the new method of quantum cryptographic attack is (surprise!) the US National Security Agency. Well, "he who pays the piper calls the tune," as you know. It is clear that the authors of the study themselves are always interested in the wide dissemination of their results, but their sponsors often have directly opposite goals ...

The only dark and really important point that has not yet been covered in this entire story is this.

What can be the relationship between the new, very effective (and very impressive to the special services) algorithm for breaking all kinds of cryptosystems using a hypothetical quantum computer, and the NSA's hasty steps (back in 2015-2016) to withdraw elliptic-curve cryptography from circulation? The connection here, as it turns out, is completely direct. But in order to notice it, again, one must carefully monitor what is happening.

When, at the turn of 2014-2015, the open community had just become aware of the post-quantum Soliloquy algorithm from the British intelligence service, its subsequent compromise and the parallel invention of the quantum attack, one of the very competent and knowledgeable cryptographers, Dan Bernstein, made an interesting generalization:
https://groups.google.com/forum/#!topic/cryptanalytic-algorithms/GdVfp5Kbdb8

Comparing all the facts known at that time, Bernstein put forward the assumption that in fact the new quantum algorithm from Hallgren, Fang Song (and company) also points the way to significantly more powerful attacks using traditional classical computers.

Moreover, on the basis of well-known but very vague comments by the British, Bernstein concluded that the British special services know this, but prefer to keep it secret from everyone ...

And we know what happened afterwards. A few months later, in August 2015, the NSA suddenly surprised the whole cryptographic world with its sharp rejection of ECC cryptography with relatively short key lengths.

The only ones who were hardly surprised were probably the cryptographers of the British intelligence service.

Well, six months later, at the beginning of 2016, at least two independent publications by academic researchers appeared in the open cryptographic community, which in the most general terms confirmed Dan Bernstein's assumption:

1) Ronald Cramer, Léo Ducas, Chris Peikert, Oded Regev. "Recovering Short Generators of Principal Ideals in Cyclotomic Rings." In Eurocrypt 2016;

2) Jean-François Biasse and Fang Song, "Efficient quantum algorithms for computing class groups and solving the principal ideal problem in arbitrary degree number fields." In 27th ACM-SIAM Symposium on Discrete Algorithms.

In other words, it has now been rigorously shown to everyone that yes, indeed, the new purely “quantum” approaches to solving hard cryptographic problems can in fact significantly reduce the effort of breaking cryptoschemes using classical computers.

Specifically, nothing has yet been openly announced about compromising the ECC scheme.

Or maybe there is no need to do this?
Let's think together about whether this is beneficial to those who are in the know.

But this, it seems, is only a matter of time.


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Voland.V on January 06, 2021, 12:56:30 PM
Today, the main danger of hacking comes from artificial intelligence. And it is no longer theory, it is practice. There are already break-ins based on this technology. Keys and passwords are being compromised again. It was reported this month that more than one billion accounts could be hacked using artificial intelligence. Why? Because there's something to steal...
... Now, back to the topic. Public key cryptography uses randomness generated from sources to generate the private key. Since the generation methods involve a large amount of entropy, if given a public key, how would you use AI to tackle the algorithm and solve for the appropriate private key?
-----------------------------
Now back to the subject of the question you asked.
How can we use artificial intelligence to solve the problem of finding a private key if we know the public key?
I could be wrong, but the principle of artificial intelligence is algorithms; it is a self-developing program.
If there were an algorithm to find the private key from the public key, the cryptography we use would not exist. Makes sense?
It makes sense, except for cryptography built on elliptic curves, for the reasons described in the previous post.
So, a solution algorithm known to us (not to humanity in general) does not exist.
Then I would use artificial intelligence in another way - I would break the whole volume of computation into billions of components (into groups of large sets of numbers to check) and, by covertly forcing computation onto all remote network computers, make them work on the problem in secret. This is similar to the process of covert mining of a cryptocurrency, with the task distributed to all systems available for such a covert attack. Then all that remains is to hope for a result in polynomial time. Naturally, I would apply all known algorithms that reduce the calculations when solving discrete logarithm or factorization problems of large numbers.
As for the human social graph and guessing, artificial intelligence will help with passwords if they are not random, but will not help at all with keys, with a public and private key pair, which is generated without taking into account the peculiarities of a person's personality.
And of course, the best and most effective way to get the public key with artificial intelligence is banal phishing, theft, covert espionage, Trojan horse programs and other nasties, with which the artificial intelligence will be loaded first of all.
In that sense, it would be interesting to discuss: will our security increase or decrease in the age of artificial intelligence?
It's not as simple a question as it seems at first glance...


Title: Re: I don't believe Quantum Computing will ever threaten Bitcoin
Post by: Cnut237 on February 04, 2021, 02:24:53 PM
if given a public key, how would you use AI to tackle the algorithm and solve for the appropriate private key?

You wouldn't. You'd use a quantum computer running Shor's algorithm.

AI might help you to derive a more efficient algorithm, and improve your solution time slightly, but it does next to nothing to address the fundamental issue, which is the sheer number of potential solutions. Whereas a quantum computer does address this, because its processing power scales differently.

A conventional computer can solve a problem 'x' in 'y' seconds, taking 'z' number of steps.
If you use AI to improve your algorithm, then perhaps it can solve problem 'x' in 'y/2' seconds, so twice as fast - but it will still take 'z' number of computational steps to do so.
The advantage of a quantum computer is that it can drastically reduce 'z', the number of steps required. This is why they are 'faster'.

Where a classical computer with 'n' bits can represent 'n' states, a quantum computer can represent 2^n states. This is because the potential outcomes are superposed.
So as we increase complexity, the number of states that can be represented is as follows:
Classical: 1,2,3,4,5,6,7,8 etc.
Quantum: 1,2,4,8,16,32,64,128 etc.

The upshot is that whilst a classical computer takes an unimaginably huge 2^128 operations to derive the bitcoin private key, a QC running Shor takes a mere 128^3.
It doesn't matter how great your algorithm is, there is always the limit that a classical computer still faces that huge number of processing steps.